oracle 10g, 11g may find the following, 12c not tested
A check and record profile configuration;
Second, modify profile (PASSWORD_REUSE_MAX, PASSWORD_REUSE_TIME, PASSWORD_VERIFY_FUNCTION) before resetting the password in order to avoid three error parameters;
Third, the user's current query in the OPEN state, and automatically generates the SQL reset passwords, execute the generated SQL password reset complete
four modified profile to the required value (three parameters);
five, password expiration time determination
----------------------- -----------------------------------------
1. query the database current profile configuration
set lin 200 is;
COL A20 for the PROFILE
SET pageSize 9999
COL RESOURCE_NAME for A36
COL for the LIMIT A20
SELECT the PROFILE, RESOURCE_NAME, from DBA_PROFILES Order by the LIMIT. 1;
2. check out the profile parameters PASSWORD_REUSE_MAX and PASSWORD_REUSE_TIME set to unlimited,
set PASSWORD_VERIFY_FUNCTION is NULL, otherwise reset the password operation can cause an error
the ALTER limit the DEFAULT profile PASSWORD_REUSE_MAX Unlimited;
the ALTER limit the DEFAULT profile PASSWORD_REUSE_TIME Unlimited;
the ALTER limit the DEFAULT profile PASSWORD_VERIFY_FUNCTION null;
Profile Unlimited FAILED_LOGIN_ATTEMPTS limit the DEFAULT ALTER;
ALTER Profile PASSWORD_LOCK_TIME limit the DEFAULT Unlimited;
ALTER Profile PASSWORD_GRACE_TIME limit the DEFAULT Unlimited;
ALTER Profile PASSWORD_LIFE_TIME limit the DEFAULT Unlimited;
alter profile DEFAULT limit PASSWORD_VERIFY_FUNCTION VERIFY_FUNCTION;
alter profile DEFAULT limit PASSWORD_REUSE_MAX 3;
alter profile DEFAULT limit FAILED_LOGIN_ATTEMPTS 6;
3. Query the user is currently in the OPEN state, and automatically generates SQL to reset the password, execute the generated SQL to complete the password reset (in particular, with special attention to the space alignment)
select USER #, name, SPARE4 from sys.user $ (12c) ----- This is a bit of a problem
SELECT 'ALTER User' || name || 'IDENTIFIED values by' '' || || SPARE4 '' ';' SYS.USER from $
WHERE name in (SELECT username from DBA_USERS
WHERE ACCOUNT_STATUS <> 'the LOCK' and Not ACCOUNT_STATUS like 'EXPIRED% LOCKED'); (12c in which a standard) --- this is a little problem.
select ' alter user ' || name ||' identified by values '''||password ||''';' from sys.user$
where name in (select username from dba_users
where ACCOUNT_STATUS<>'LOCK' and ACCOUNT_STATUS not like 'EXPIRED%LOCKED');(11G以这一句为标准)
select ' alter user ' || username ||' identified by values '''||password ||''';' from dba_users
where ACCOUNT_STATUS<>'LOCK' and ACCOUNT_STATUS not like 'EXPIRED%LOCKED';(10G以这一句为标准)
select ' alter user ' || username || ' identified by values ''' || password || ''';' from dba_users where account_status='OPEN';
4. Modify the other values such as the protection profile desired, reference to the following (consistent with the actual required changes / recording parameters in step?)
alter profile DEFAULT limit PASSWORD_VERIFY_FUNCTION VERIFY_FUNCTION;
alter profile DEFAULT limit PASSWORD_REUSE_TIME 180;
alter profile DEFAULT limit PASSWORD_REUSE_MAX 5;
alter profile DEFAULT limit PASSWORD_LIFE_TIME 180;
alter profile DEFAULT limit FAILED_LOGIN_ATTEMPTS 5;
alter profile MONITORING_PROFILE limit PASSWORD_VERIFY_FUNCTION VERIFY_FUNCTION;
alter profile MONITORING_PROFILE limit PASSWORD_LIFE_TIME 180;
alter profile MONITORING_PROFILE limit FAILED_LOGIN_ATTEMPTS 5;
alter profile MONITORING_PROFILE limit PASSWORD_REUSE_MAX 5;
alter profile MONITORING_PROFILE limit PASSWORD_REUSE_TIME 1800;
alter profile MONITORING_PROFILE limit PASSWORD_GRACE_TIME 10;
5. Confirm password expiration
col USERNAME for a20
col PASSWORD for a32
col ACCOUNT_STATUS for a20
set lin 100
select username,PASSWORD,ACCOUNT_STATUS,EXPIRY_DATE from dba_users order by 3;
11G
set lin 120
col username for a10
col profile for a15
col account_status for a10
select b.username,b.profile,b.account_status,b.created,a.ptime,b.lock_date,b.expiry_date from
(select * from sys.user$) a,
(select * from dba_users) b
where a.name=b.username and ACCOUNT_STATUS<>'LOCK' and ACCOUNT_STATUS not like 'EXPIRED%LOCKED';
-------------------------------------------------- ----------------
parameter Description
maximum number before the account is locked allowed to try landing of: Failed_login_attempts
Password_life_time: Specifies the number of days using the same password allowed.
password_reuse_time: specifies the number of days before the password can not be reused (must be an integer)
password_reuse_max: specifies the number of times before the current password is reused password change (must be an integer)
Password_verify_function: This field allows complex PL / SQL password authentication script as a parameter passed to create profile statement. Function name to specify a password validation rules, the name is specified as Null means that no password authentication. If you specify a password parameter expression, the expression can be in any format, in addition to quantum database queries.
Password_grace_time: Specifies the grace days, issue a warning to the database a few days before landing failure; if the database password is not modified in the middle, then expires will fail;
------------------------------------------------------------------
select username,account_status,lock_date from dba_users where ACCOUNT_STATUS<>'LOCK' and ACCOUNT_STATUS not like 'EXPIRED%LOCKED';
set lin 120
col username for a10
col profile for a15
col account_status for a10
select b.username,b.profile,b.account_status,b.created,a.ptime,b.lock_date,b.expiry_date from
(select * from sys.user$) a,
(select * from dba_users) b
where a.name=b.username and ACCOUNT_STATUS<>'LOCK' and ACCOUNT_STATUS not like 'EXPIRED%LOCKED';
Create a password complexity verification function uses utlpwdmg.sql script.
@ $ ORACLE_HOME / RDBMS / ADMIN / utlpwdmg.sql