Oracle accounts, locks and passwords


A few notes, in no particular order:

General information about the account

SQL> select * from dba_users
where username='TOTO';
USERNAME 	USER_ID 	PASSWORD 	ACCOUNT_STATUS 	LOCK_DATE 	EXPIRY_DA 	DEFAULT_TABLESPACE 	TEMPORARY_TABLESPACE 	CREATED 	PROFILE 	INITIAL_RSRC_CONSUMER_GROUP 	EXTERNAL_NAME
TOTO 		5394 		EBD64F4E40B74042 	LOCKED 	24-FEB-11 	USERS 		TEMP						21-FEB-11 	DEFAULT 	DEFAULT_CONSUMER_GROUP

In particular, we can see:

profile: DEFAULT
lockable after 20 attempts, and THE PASSWORD in hashed form!

More detailed information (if you remember the Oracle user ID (USER# here) seen earlier):

SQL> select * from sys.user$
where user#=5394;
USER# 	NAME 	TYPE# 	PASSWORD 	DATATS# 	TEMPTS# 	CTIME 	PTIME 	EXPTIME 	LTIME 	RESOURCE$ 	AUDIT$ 	DEFROLE 	DEFGRP# 	DEFGRP_SEQ# 	ASTATUS 	LCOUNT 	DEFSCHCLASS 	EXT_USERNAME 	SPARE1 	SPARE2 	SPARE3 	SPARE4 	SPARE5 	SPARE6
5394 	TOTO 	1 	EBD64F4E40B74042 	4 	250 	21-FEB-11 	03-MAR-11 	  	24-FEB-11 	0 	  	1 	  	  	8 	20 	DEFAULT_CONSUMER_GROUP 	  	0

Where:

CTIME: creation date
PTIME: modification date
LTIME: lock date
EXPTIME: expiration date
LCOUNT:
ASTATUS: account status. Roughly: open, locked or expired.

More on the ASTATUS column of USER$:

SQL> SELECT * FROM SYS.USER_ASTATUS_MAP;

STATUS# STATUS
---------- --------------------------------
0 OPEN
1 EXPIRED
2 EXPIRED(GRACE)
4 LOCKED(TIMED)
8 LOCKED
5 EXPIRED & LOCKED(TIMED)
6 EXPIRED(GRACE) & LOCKED(TIMED)
9 EXPIRED & LOCKED
10 EXPIRED(GRACE) & LOCKED

Profile details (not all of which appear in the console):

failed_login_attempts - This is the number of failed login attempts before locking the Oracle user account. The default is three failed attempts.
password_grace_time - This is the grace period after the password_life_time limit is exceeded.
password_life_time - This is how long an existing password is valid. The default here forces a password change every 60 days.
password_lock_time - This specifies how long to lock the account after the failed login attempt limit is reached. Most DBAs set this value to UNLIMITED.
password_reuse_max - This is the number of times that you may reuse a password and is intended to prevent repeating password cycles (north, south, east, west).
password_reuse_time - This parameter specifies a time limit before a previous password can be re-entered. To allow unlimited use of previously used passwords, set password_reuse_time to UNLIMITED.
password_verify_function - This allows you to specify the name of a custom password verification function.
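
To see which of these limits actually apply to an account, the query below puts the password settings of its profile next to the lock and expiry state from DBA_USERS. It is an added example, not part of the original post. It assumes SELECT privilege on DBA_USERS and DBA_PROFILES and uses the TOTO account from above as the filter.

```sql
-- Added example, not from the original post.
-- Assumes SELECT privilege on DBA_USERS and DBA_PROFILES.
WITH pw_limits AS (
  -- A non-DEFAULT profile reports LIMIT = 'DEFAULT' for every setting it
  -- inherits, so resolve those against the DEFAULT profile's own value.
  SELECT p.profile,
         p.resource_name,
         CASE WHEN p.limit = 'DEFAULT' THEN d.limit ELSE p.limit END AS effective_limit
  FROM   dba_profiles p
         JOIN dba_profiles d
           ON  d.profile       = 'DEFAULT'
           AND d.resource_name = p.resource_name
  WHERE  p.resource_type = 'PASSWORD'
)
SELECT u.username,
       u.account_status,
       u.lock_date,
       u.expiry_date,
       u.profile,
       -- One column per password parameter listed above.
       MAX(CASE WHEN l.resource_name = 'FAILED_LOGIN_ATTEMPTS'    THEN l.effective_limit END) AS failed_login_attempts,
       MAX(CASE WHEN l.resource_name = 'PASSWORD_LOCK_TIME'       THEN l.effective_limit END) AS password_lock_time,
       MAX(CASE WHEN l.resource_name = 'PASSWORD_LIFE_TIME'       THEN l.effective_limit END) AS password_life_time,
       MAX(CASE WHEN l.resource_name = 'PASSWORD_GRACE_TIME'      THEN l.effective_limit END) AS password_grace_time,
       MAX(CASE WHEN l.resource_name = 'PASSWORD_REUSE_MAX'       THEN l.effective_limit END) AS password_reuse_max,
       MAX(CASE WHEN l.resource_name = 'PASSWORD_REUSE_TIME'      THEN l.effective_limit END) AS password_reuse_time,
       MAX(CASE WHEN l.resource_name = 'PASSWORD_VERIFY_FUNCTION' THEN l.effective_limit END) AS password_verify_function
FROM   dba_users u
       JOIN pw_limits l ON l.profile = u.profile
WHERE  u.username = 'TOTO'   -- sample account from this post; remove to list every account
GROUP  BY u.username, u.account_status, u.lock_date, u.expiry_date, u.profile
ORDER  BY u.username;
```

A value of UNLIMITED in failed_login_attempts means the account never locks on bad passwords, and UNLIMITED in password_life_time means the password never expires, so those are the rows to review first.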
