The only real restrictions in the DEFAULT profile limit the number of consecutive unsuccessful
login attempts (FAILED_LOGIN_ATTEMPTS) to ten before the account is locked and the number
of days before a password must be changed (PASSWORD_LIFE_TIME) to 180. In addition, no
password verification function is enabled.
Profiles and Password Control
In Table 9-4 are the password-related profile parameters. All units of time are specified in days (to
specify any of these parameters in minutes, for example, divide by 1440):
SQL> create profile lim_lock limit password_lock_time 5/1440;
Profile created.
Password Parameter Description
FAILED_LOGIN_ATTEMPTS The number of failed login attempts before the account is
locked.
PASSWORD_LIFE_TIME The number of days the password can be used before it
must be changed. If it is not changed within PASSWORD_
GRACE_TIME, the password must be changed before logins
are allowed.
PASSWORD_REUSE_TIME The number of days a user must wait before reusing a
password; this parameter is used in conjunction with
PASSWORD_REUSE_MAX.
PASSWORD_REUSE_MAX The number of password changes that have to occur
before a password can be reused; this parameter is used in
conjunction with PASSWORD_REUSE_TIME.
PASSWORD_LOCK_TIME How many days the account is locked after FAILED_
LOGIN_ATTEMPTS attempts. After this time period, the
account is automatically unlocked.
PASSWORD_GRACE_TIME The number of days after which an expired password must
be changed.
Pages:
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496