Thursday, March 22, 2012

Disable Oracle Expire passwords

In order to prevent passwords from expiring on your DB users you can create a separate profile (or modify the exisisting DEFAULT profile) to disable the expire time. The DEFAULT profile was set to 180 in my environment. The accounts in question were not user accounts but were application accounts. Make sure you check with your security folks before throwing this down.


Create the New Profile.


CREATE PROFILE my_profile LIMIT
PASSWORD_LIFE_TIME UNLIMITED;

Change your user to the new profile


ALTER USER scott PROFILE my_profile;

You can set other options i your new profile if you want. The cool thing is that the options you do not set will automatically revert to the DEFAULT profile. Thus its a good idea to leave your DEFAULT PROFILE alone and create custom profiles.


Some other options you can change.


  • FAILED_LOGIN_ATTEMPTS - failed login attempts before the account is locked

  • PASSWORD_LIFE_TIME - limits the number of days the same password can be used for authentication

  • PASSWORD_REUSE_TIME - number of days before a password can be reused

  • PASSWORD_REUSE_MAX - number of password changes required before the current password can be reused

  • PASSWORD_LOCK_TIME - number of days an account will be locked after maximum failed login attempts

  • PASSWORD_GRACE_TIME - number of days after the grace period begins during which a warning is issued and login is allowed

  • PASSWORD_VERIFY_FUNCTION - password complexity verification script

0 comments:

Post a Comment