FAQ
Hi all,

We have one requirement to enforce below mentioned password rules for all
newly created user accounts in our environment.

All passwords must have at least 7 characters in length
All Logins will require the use of a password
Passwords must not match the username
Unsuccessful login attempts must be audited
Password duration <= 90 days
Failed logins limit = 6

Oracle built-in feature, setting Default profile and calling verify_function
function ($ORACLE_HOME/rdbms/admin/utlpwdmg.sql ) doesnt serve my purpose.
Because 2 rule will be violated for those users who use external password
option. My env is combination of 9i, 10g & 11g version databases.

Can you recommend / suggest any best way to implement the above rules ? It
would be great help.

Regards,
- Mahesh

Search Discussions

  • John Hallas at Mar 18, 2011 at 9:16 am
    The creation of external users would be managed by the DBA who is yourself presumably. If that is your policy then do not create externally identified users.
    The sample verify function provided by oracle is a good starting point but there are others available on the net which you can customise to your specific requirements.

    Step 4 is done by the use of audit, all the profile can do is restrict access after x number of failed attempts

    www.jhdba.wordpress.com

    From: oracle-l-bounce_at_freelists.org On Behalf Of Mahesh G
    Sent: 18 March 2011 08:31
    To: oracle-l@freelists.org
    Subject: Enforcing password rules in oracle database

    Hi all,

    We have one requirement to enforce below mentioned password rules for all newly created user accounts in our environment.

    All passwords must have at least 7 characters in length
    All Logins will require the use of a password
    Passwords must not match the username
    Unsuccessful login attempts must be audited
    Password duration <= 90 days
    Failed logins limit = 6

    Oracle built-in feature, setting Default profile and calling verify_function function ($ORACLE_HOME/rdbms/admin/utlpwdmg.sql ) doesnt serve my purpose.
    Because 2 rule will be violated for those users who use external password option. My env is combination of 9i, 10g & 11g version databases.

    Can you recommend / suggest any best way to implement the above rules ? It would be great help.

    Regards,
    - Mahesh

    Wm Morrison Supermarkets Plc is registered in England with number 358949. The registered office of the company is situated at Gain Lane, Bradford, West Yorkshire BD3 7DL. This email and any attachments are intended for the addressee(s) only and may be confidential.

    If you are not the intended recipient, please inform the sender by replying to the email that you have received in error and then destroy the email.
    If you are not the intended recipient, you must not use, disclose, copy or rely on the email or its attachments in any way.

    This email does not constitute a contract in writing for the purposes of the Law of Property (Miscellaneous Provisions) Act 1989.

    Our Standard Terms and Conditions of Purchase, as may be amended from time to time, apply to any contract that we enter into. The current version of our Standard Terms and Conditions of Purchase is available at: http://www.morrisons.co.uk/gscop

    Although we have taken steps to ensure the email and its attachments are virus-free, we cannot guarantee this or accept any responsibility,
    and it is the responsibility of recipients to carry out their own virus checks.
  • Anonymous at Mar 18, 2011 at 10:34 am
    Hi Mahesh,
    Because 2 rule will be violated for those users who use
    external password option. My env is combination of 9i, 10g &
    11g version databases.
    I'm not 100% sure about this, sorry, but do user accounts which are
    "identified externally" actually fire the password verification checks?

    Just a thought.

    Cheers,
    Norm.

    Information in this message may be confidential and may be legally privileged. If you have received this message by mistake, please notify the sender immediately, delete it and do not copy it to anyone else.

    We have checked this email and its attachments for viruses. But you should still check any attachment before opening it.
    We may have to make this message and any reply to it public if asked to under the Freedom of Information Act, Data Protection Act or for litigation. Email messages and attachments sent to or from any Environment Agency address may also be accessed by someone other than the sender or recipient, for business purposes.

    If we have sent you information and you wish to use it please read our terms and conditions which you can get by calling us on 08708 506 506. Find out more about the Environment Agency at www.environment-agency.gov.uk
  • Powell, Mark at Mar 18, 2011 at 5:41 pm
    I would think you would want to require more than 7 characters especially with such a long duration which you might consider shortening.

    From: oracle-l-bounce_at_freelists.org On Behalf Of Mahesh G
    Sent: Friday, March 18, 2011 4:31 AM
    To: oracle-l@freelists.org
    Subject: Enforcing password rules in oracle database

    Hi all,

    We have one requirement to enforce below mentioned password rules for all newly created user accounts in our environment.

    All passwords must have at least 7 characters in length
    All Logins will require the use of a password
    Passwords must not match the username
    Unsuccessful login attempts must be audited
    Password duration <= 90 days
    Failed logins limit = 6

    Oracle built-in feature, setting Default profile and calling verify_function function ($ORACLE_HOME/rdbms/admin/utlpwdmg.sql ) doesnt serve my purpose.
    Because 2 rule will be violated for those users who use external password option. My env is combination of 9i, 10g & 11g version databases.

    Can you recommend / suggest any best way to implement the above rules ? It would be great help.

    Regards,
    - Mahesh

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouporacle-l @
categoriesoracle
postedMar 18, '11 at 8:30a
activeMar 18, '11 at 5:41p
posts4
users4
websiteoracle.com

People

Translate

site design / logo © 2022 Grokbase