SQL> SELECT profile FROM dba_users WHERE username='ABC'; PROFILE ------------------------------ DEFAULT SQL> SQL> SELECT profile,resource_type,resource_name,limit FROM dba_profiles WHERE resource_type='PASSWORD' AND profile='DEFAULT'; PROFILE RESOURCE RESOURCE_NAME LIMIT ------------------------------ -------- -------------------------------- ---------------------------------------- DEFAULT PASSWORD FAILED_LOGIN_ATTEMPTS 10 DEFAULT PASSWORD PASSWORD_LIFE_TIME UNLIMITED DEFAULT PASSWORD PASSWORD_REUSE_TIME UNLIMITED DEFAULT PASSWORD PASSWORD_REUSE_MAX UNLIMITED DEFAULT PASSWORD PASSWORD_VERIFY_FUNCTION NULL DEFAULT PASSWORD PASSWORD_LOCK_TIME UNLIMITED DEFAULT PASSWORD PASSWORD_GRACE_TIME UNLIMITED SQL>
2) 修改并启动密码复杂度
说明:utlpwdmg.sql脚本中包括密码策略及帐号策略, 该脚本后面是帐号策略的配置,可以事先注释掉,后面再一一启用。
SQL> alter system set resource_limit = true;
SQL> @$ORACLE_HOME/rdbms/admin/utlpwdmg.sql
3) 修改账号策略
SQL> ALTER PROFILE DEFAULT LIMIT PASSWORD_LIFE_TIME 60 PASSWORD_GRACE_TIME 10 PASSWORD_REUSE_TIME 1800 PASSWORD_REUSE_MAX UNLIMITED FAILED_LOGIN_ATTEMPTS 3 PASSWORD_LOCK_TIME 1/1440; PASSWORD_VERIFY_FUNCTION verify_function 相关参数说明: FAILED_LOGIN_ATTEMPTS: 允许登录失败的次数 PASSWORD_LOCK_TIME: 达到登录失败次数后,帐户锁定的天数,过了这个天数之后帐户会自动解锁 PASSWORD_LIFE_TIME: 口令的生存期(天) PASSWORD_GRACE_TIME: 口令失效后从第一次成功登录算起的更改口令的宽限期(天) PASSWORD_REUSE_TIME: 可以重新使用口令前的天数 PASSWORD_REUSE_MAX: 可以重新使用口令的最多次数 PASSWORD_VERIFY_FUNCTION: 检验口令设置的PL/SQL 函数 查看结果: SQL> set linesize 200; SQL> SELECT profile,resource_type,resource_name,limit FROM dba_profiles WHERE resource_type='PASSWORD' AND profile='DEFAULT'; PROFILE RESOURCE RESOURCE_NAME LIMIT ------------------------------ -------- -------------------------------- ---------------------------------------- DEFAULT PASSWORD FAILED_LOGIN_ATTEMPTS 3 DEFAULT PASSWORD PASSWORD_LIFE_TIME 60 DEFAULT PASSWORD PASSWORD_REUSE_TIME 1800 DEFAULT PASSWORD PASSWORD_REUSE_MAX UNLIMITED DEFAULT PASSWORD PASSWORD_VERIFY_FUNCTION VERIFY_FUNCTION DEFAULT PASSWORD PASSWORD_LOCK_TIME .0006 DEFAULT PASSWORD PASSWORD_GRACE_TIME 10 7 rows selected. SQL>
# 取消Oracle密码复杂度检查:
SQL> alter profile default limit password_verify_function null;
SQL> ALTER PROFILE DEFAULT LIMIT PASSWORD_LIFE_TIME UNLIMITED;
?
4) 可以针对单个用户进行策略限制。
SQL> CREATE PROFILE ABC_PROFILE LIMIT PASSWORD_LIFE_TIME UNLIMITED PASSWORD_GRACE_TIME 10 PASSWORD_REUSE_TIME 1800 PASSWORD_REUSE_MAX UNLIMITED FAILED_LOGIN_ATTEMPTS 3 PASSWORD_LOCK_TIME 1/1440; SQL> alter user abc profile ABC_PROFILE; User altered. SQL> SQL> SELECT profile,resource_type,resource_name,limit FROM dba_profiles WHERE resource_type='PASSWORD' AND profile='ABC_PROFILE'; PROFILE RESOURCE RESOURCE_NAME LIMIT ------------------------------ -------- -------------------------------- ---------------------------------------- ABC_PROFILE PASSWORD FAILED_LOGIN_ATTEMPTS 3 ABC_PROFILE PASSWORD PASSWORD_LIFE_TIME UNLIMITED ABC_PROFILE PASSWORD PASSWORD_REUSE_TIME 1800 ABC_PROFILE PASSWORD PASSWORD_REUSE_MAX UNLIMITED ABC_PROFILE PASSWORD PASSWORD_VERIFY_FUNCTION NULL ABC_PROFILE PASSWORD PASSWORD_LOCK_TIME .0006 ABC_PROFILE PASSWORD PASSWORD_GRACE_TIME 10
?