==================
See current status
==================
COL default_profile FOR A10
COL app_prof_profile FOR A10
COL resource_name FOR A30
COL default_limit FOR A20
COL app_prof_limit FOR A40
set LINESIZE 160
SELECT DBA_PROFILES_DEFAULT.profile default_profile,
SELECT DBA_PROFILES_DEFAULT.profile default_profile,
DBA_PROFILES_APP_PROF.profile app_prof_profile,
DBA_PROFILES_DEFAULT.resource_name resource_name,
DBA_PROFILES_DEFAULT.limit default_limit,
DBA_PROFILES_APP_PROF.limit app_prof_limit
FROM DBA_PROFILES DBA_PROFILES_DEFAULT,
DBA_PROFILES DBA_PROFILES_APP_PROF
WHERE DBA_PROFILES_DEFAULT.profile='DEFAULT'
AND DBA_PROFILES_APP_PROF.profile='APP_PROF'
AND DBA_PROFILES_DEFAULT.resource_name = DBA_PROFILES_APP_PROF.resource_name
AND DBA_PROFILES_DEFAULT.limit <> DBA_PROFILES_APP_PROF.limit
ORDER BY 3,1,2;
DEFAULT_PR APP_PROF_P RESOURCE_NAME DEFAULT_LIMI APP_PROF_LIMIT
---------- ---------- ------------------------ ------------ ---------------------------
DEFAULT APP_PROF IDLE_TIME UNLIMITED 480
DEFAULT APP_PROF PASSWORD_LOCK_TIME 1 UNLIMITED
DEFAULT APP_PROF PASSWORD_ROLLOVER_TIME 0 DEFAULT
DEFAULT APP_PROF PASSWORD_VERIFY_FUNCTION NULL ORA12C_STIG_VERIFY_FUNCTION
==================
Change settings:
==================
ALTER PROFILE APP_PROF LIMIT IDLE_TIME UNLIMITED;
ALTER PROFILE APP_PROF LIMIT PASSWORD_VERIFY_FUNCTION NULL;
Details:
PASSWORD_ROLLOVER_TIME - DEFAULT - Is same as zero
PASSWORD_LOCK_TIME - When user becomes unlocked, after the specified number of consecutive failed login attempts
==================
Theory
==================
Password-Specific Settings in the Default Profile
Parameter: INACTIVE_ACCOUNT_TIME
Default Setting Description: UNLIMITED
Description: Locks the account of a database user who has not logged in to the database instance in a specified number of days.
Parameter: FAILED_LOGIN_ATTEMPTS
Default Setting Description: 10
Description: Sets the maximum times a user try to log in and to fail before locking the account.
Note: You can set limits on the number of times an unauthorized user (possibly an intruder) attempts to log in to Oracle Call Interface (OCI) applications by using the SEC_MAX_FAILED_LOGIN_ATTEMPTS initialization parameter.
Parameter: PASSWORD_GRACE_TIME
Default Setting Description: 7
Description: Sets the number of days that a user has to change their password before it expires.
Parameter: PASSWORD_LIFE_TIME
Default Setting Description: 180
Description: Sets the number of days the user can use their current password.
Parameter: PASSWORD_LOCK_TIME
Default Setting Description: 1
Description: Sets the number of days an account will be locked after the specified number of consecutive failed login attempts.
After the time passes, then the account becomes unlocked.
This user's profile parameter is useful to help prevent brute force attacks on user passwords but not to increase the maintenance burden on administrators.
Even after the value set by PASSWORD_LOCK_TIME shows that the password has expired, the DBA_USERS data dictionary view will show that the account is locked.
However, after the user connects, the information in DBA_USERS is updated with the correct OPEN status.
Parameter: PASSWORD_REUSE_MAX
Default Setting Description: UNLIMITED
Description: Sets the number of password changes required before the current password can be reused.
Parameter: PASSWORD_REUSE_TIME
Default Setting Description: UNLIMITED
Description: Sets the number of days before which a password cannot be reused.
Parameter: PASSWORD_ROLLOVER_TIME
Default Setting Description: 0
Description: Enables the gradual database password rollover time.
