14 Copyright © Oracle Corporation, 2002. All rights reserved. Managing Password Security and Resources 14-2 Copyright © Oracle Corporation, 2002. All rights reserved. Objectives After completing this lesson, you should be able to do the following: • Manage passwords using profiles • Administer profiles • Control use of resources using profiles • Obtain password and resource limit information 14-3 Copyright © Oracle Corporation, 2002. All rights reserved. Profiles • A profile is a named set of password and resource limits. • Profiles are assigned to users by the CREATE USER or ALTER USER command. • Profiles can be enabled or disabled. • Profiles can relate to the DEFAULT profile. 14-5 Copyright © Oracle Corporation, 2002. All rights reserved. User Password expiration and aging Password verification Password history Account locking Setting up profiles Password Management 14-6 Copyright © Oracle Corporation, 2002. All rights reserved. • Set up password management by using profiles and assigning them to users. • Lock, unlock, and expire accounts using the CREATE USER or ALTER USER command. • Password limits are always enforced. • To enable password management, run the utlpwdmg.sql script as the user SYS. Enabling Password Management 14-7 Copyright © Oracle Corporation, 2002. All rights reserved. Password Account Locking Parameter Number of failed login attempts before lockout of the account Number of days the account is locked after the specified number of failed login attempts FAILED_LOGIN_ATTEMPTS PASSWORD_LOCK_TIME Description 14-8 Copyright © Oracle Corporation, 2002. All rights reserved. Parameter Lifetime of the password in days after which the password expires Grace period in days for changing the password after the first successful login after the password has expired PASSWORD_LIFE_TIME PASSWORD_GRACE_TIME Parameter Password Expiration and Aging 14-9 Copyright © Oracle Corporation, 2002. All rights reserved. Password History Parameter Number of days before a password can be reused Maximum number of changes required before a password can be reused PASSWORD_REUSE_TIME PASSWORD_REUSE_MAX Description 14-10 Copyright © Oracle Corporation, 2002. All rights reserved. Password Verification Parameter PL/SQL function that performs a password complexity check before a password is assigned PASSWORD_VERIFY_FUNCTION Description 14-11 Copyright © Oracle Corporation, 2002. All rights reserved. User-Provided Password Function This function must be created in the SYS schema and must have the following specification: function_name( userid_parameter IN VARCHAR2(30), password_parameter IN VARCHAR2(30), old_password_parameter IN VARCHAR2(30)) RETURN BOOLEAN [...]... FAILED_LOGIN_ATTEMPTS 3 PASSWORD_ LOCK_TIME UNLIMITED PASSWORD_ LIFE_TIME 30 PASSWORD_ REUSE_TIME 30 PASSWORD_ VERIFY_FUNCTION verify_function PASSWORD_ GRACE_TIME 5; 14-13 Copyright © Oracle Corporation, 2002 All rights reserved Altering a Profile: Password Setting Use ALTER PROFILE to change password limits ALTER PROFILE default LIMIT FAILED_LOGIN_ATTEMPTS 3 PASSWORD_ LIFE_TIME 60 PASSWORD_ GRACE_TIME 10;.. .Password Verification Function VERIFY_FUNCTION • Minimum length is four characters • Password should not be equal to username • Password should have at least one alphabetic, one numeric, and one special character • Password should differ from the previous password by at least three letters 14-12 Copyright © Oracle Corporation, 2002 All rights reserved Creating a Profile: Password Settings... lesson, you should have learned how to: • Administer passwords • Administer profiles • Obtain password and resource limit information 14-35 Copyright © Oracle Corporation, 2002 All rights reserved Practice 14 Overview This practice covers the following topics: • Enabling password management • Defining profiles and assigning to users • Disabling password management 14-36 Copyright © Oracle Corporation,... means of allocating resources: • CPU method • Active session pool and queuing • Degree of parallelism limit • Automatic consumer group switching • Maximum estimated execution time • Undo quota 14-31 Copyright © Oracle Corporation, 2002 All rights reserved Obtaining Password and Resource Limit Information Information about password and resource limits can be obtained by querying the following views:... rights reserved Managing Resources Using the Database Resource Manager • Resource plans specify the resource consumer groups belonging to the plan • Resource plans contain directives for how to allocate resources among consumer groups 14-29 Copyright © Oracle Corporation, 2002 All rights reserved Resource Plan Directives The Database Resource Manager provides several means of allocating resources: •... Corporation, 2002 All rights reserved Managing Resources Using the Database Resource Manager • Provides the Oracle server with more control over resource management decisions • Elements of the Database Resource Manager: – – – – Resource consumer group Resource plan Resource allocation method Resource plan directives • Uses the DBMS_RESOURCE_MANAGER package to create and maintain elements • Requires ADMINISTER_RESOURCE_MANAGER... profiles using the CREATE PROFILE command • Enable resource limits with the: – RESOURCE_LIMIT initialization parameter – ALTER SYSTEM command 14-21 Copyright © Oracle Corporation, 2002 All rights reserved Enabling Resource Limits • Set the initialization parameter RESOURCE_LIMIT to TRUE • Enforce the resource limits by enabling the parameter with the ALTER SYSTEM command ALTER SYSTEM SET RESOURCE_LIMIT=TRUE;... PROFILE default LIMIT FAILED_LOGIN_ATTEMPTS 3 PASSWORD_ LIFE_TIME 60 PASSWORD_ GRACE_TIME 10; 14-17 Copyright © Oracle Corporation, 2002 All rights reserved Dropping a Profile: Password Setting • Drop the profile using DROP PROFILE command • DEFAULT profile cannot be dropped • CASCADE revokes the profile from the user to whom it was assigned DROP PROFILE developer_prof; DROP PROFILE developer_prof CASCADE;... sessions allowed for each username CONNECT_TIME Elapsed connect time measured in minutes IDLE_TIME Periods of inactive time measured in minutes LOGICAL_READS_PER _SESSION Number of data blocks (physical and logical reads) PRIVATE_SGA 14-23 Description Private space in the SGA measured in bytes (for Shared Server only) Copyright © Oracle Corporation, 2002 All rights reserved Setting Resource Limits at . 14 Copyright © Oracle Corporation, 2002. All rights reserved. Managing Password Security and Resources 14-2 Copyright © Oracle Corporation, 2002. All rights. rights reserved. User Password expiration and aging Password verification Password history Account locking Setting up profiles Password Management 14-6 Copyright