Unlock the user without changing the user password
1.0 requirements: a user is notified, unable to log in, the user is locked, but the password is unknown or not told to you
1.1 : User is locked out: several possibilities
A user uses the default Pfile profile with parameters:
-- PASSWORD_LIFE_TIME 180 Password valid retention time
User B uses the default Pfile profile with parameters:
-- FAILED_LOGIN_ATTEMPTS 10 The number of login attempts allowed after a failed login
-- PASSWORD_LOCK_TIME 1 After the login fails, the limit is exceeded, and the account is locked for days
Custom settings used by C users: not considered in this experiment
1.2 Fault Simulation
#Create test user
SQL> create user yang identified by asfqr1rfa10;
# lock user
SQL> alter user yang account lock;
#PL/SQL login error
SQL*Plus login error
SQL> conn yang/asfqr1rfa10;
ERROR:
HOUR-28000:
Warning: You are no longer connected to ORACLE.
#Query error explanation
SQL> !oerr ora 28000
28000, 00000, "the account is locked"
// *Cause: The user has entered wrong password consequently for maximum
// number of times specified by the user's profile parameter
// FAILED_LOGIN_ATTEMPTS, or the DBA has locked the account
// *Action: Wait for PASSWORD_LOCK_TIME or contact DBA
#If the wrong password is entered, the user will be locked if the number of times of wrong input is exceeded
#DBA Lock Please contact DBA
1.3 Solutions
1.3.1 Query information
# SQL> alter session set nls_date_format='yyyy-mm-dd hh24:mi:ss';
SQL> select USERNAME,PASSWORD,ACCOUNT_STATUS,LOCK_DATE,PROFILE from dba_users where username ='YANG';
YANG users
LOCKED _
2018-01-14 01:25:21 Lock time
DEFAULT profile default
1.3.2 Query the hash value of the user password
SQL>select name,password from user$ where name='YANG'
NAME PASSWORD
---------- ------------------------------------------------------------
YANG BF382C1C900CB086
1.3.2 Use the password hash value to unlock the user without changing the password
SQL> alter user yang identified by values 'BF382C1C900CB086' account unlock;
1.3.3 Verification
SQL> conn yang/asfqr1rfa10
Connected.
1.3.4 Set the password to never expire
Default profile expires in 180 days, profile parameters can be modified
#Query user account password expiration time
SQL> alter session set nls_date_format='yyyy-mm-dd hh24:mi:ss';
SQL> select username,expiry_date from dba_users where username in('HR','YANG');
USERNAME EXPIRY_DATE
------------------------------------------------------------ -------------------
THE 2018-07-13 01:49:18
HR 2018-07-12 06:09:24
SQL> select sysdate from dual;
2018-01-14 01:55:04
#Modify unlimited OK
alter profile default limit password_life_time unlimited;
#Query verification
SQL> select username,expiry_date from dba_users where username in('HR','YANG');
USERNAME EXPIRY_DATE
---------- -------------------
WHICH
HR
#Extension : You can modify the above: After the password is incorrectly logged in, the number of connection attempts is allowed, and the modification is unlimited: be careful