Home » RDBMS Server » Security » how to lock user account after expiere (RDBMS 11G linux)
how to lock user account after expiere [message #626210] Wed, 22 October 2014 13:52 Go to next message
evoradba
Messages: 144
Registered: April 2005
Location: Canada
Senior Member


Hello
I have a profile created in oracle and I want after the 3 days of grace for the user account to expiree, however oracle does not do that, can someone please give me any tips etc on how to lock after the 3 days?

CREATE PROFILE "PROFILE"
LIMIT CPU_PER_SESSION DEFAULT CPU_PER_CALL DEFAULT
CONNECT_TIME DEFAULT IDLE_TIME DEFAULT SESSIONS_PER_USER
DEFAULT LOGICAL_READS_PER_SESSION DEFAULT
LOGICAL_READS_PER_CALL DEFAULT PRIVATE_SGA DEFAULT
COMPOSITE_LIMIT DEFAULT FAILED_LOGIN_ATTEMPTS 3
PASSWORD_LOCK_TIME 1 PASSWORD_GRACE_TIME 3 PASSWORD_LIFE_TIME
45 PASSWORD_REUSE_MAX 10 PASSWORD_REUSE_TIME 3
PASSWORD_VERIFY_FUNCTION VERIFY_FUNCTION_11G
Re: how to lock user account after expiere [message #626211 is a reply to message #626210] Wed, 22 October 2014 14:36 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator

LOCK and EXPIRY are 2 different and independent things.
An account can never be locked because of password expiration.

Now the grace period does not start when password expires but at the first connection after this password expiration.

Have a look at MOS note How to Interpret the ACCOUNT_STATUS Column in DBA_USERS (Doc ID 260111.1).

To do what you want you have to build a job that will periodically check which accounts have their account expires since 3 days and lock them.

Re: how to lock user account after expiere [message #626243 is a reply to message #626210] Thu, 23 October 2014 06:42 Go to previous messageGo to next message
EdStevens
Messages: 1376
Registered: September 2013
Senior Member
Expanding a bit on Michael's comments ..

Oracle does not spend its time constantly trawling through accounts looking for something that might have passed an expiration date. It checks that only when someone actually attempts to log in.

See http://edstevensdba.wordpress.com/2012/01/16/exploring-password-lifetime-and-grace-period/
Re: how to lock user account after expiere [message #626247 is a reply to message #626243] Thu, 23 October 2014 08:19 Go to previous message
evoradba
Messages: 144
Registered: April 2005
Location: Canada
Senior Member
thank you all for the information
Previous Topic: How to remove object audit ?
Next Topic: Wallets and certificates
Goto Forum:
  


Current Time: Thu Mar 28 15:15:07 CDT 2024