
Profile users 11G

JAMpe
Participant
0 Kudos

Hello everyone,

I have the following question: In Oracle 10G, users like "system" and "sapsr3" had the "DEFAULT" user profile, where the parameter "PASSWORD_LIFE_TIME" was set to UNLIMITED. However, now in Oracle 11G the "DEFAULT" user profile has the parameter "PASSWORD_LIFE_TIME" set to "180". I know that for users like "sapsr3" we have the "SAPUPROF" user profile, but what about the user "system", which still uses the "DEFAULT" profile? Should we create a new profile with "PASSWORD_LIFE_TIME" set to UNLIMITED? Or change the "DEFAULT" profile with "PASSWORD_LIFE_TIME" set to UNLIMITED like in Oracle 10G? Or is it better to change the password periodically?

Regards,

JAM


Accepted Solutions (1)


Reagan
Product and Topic Expert
0 Kudos

Hello

Should we create a new profile with "PASSWORD_LIFE_TIME" set to UNLIMITED? Or change the "DEFAULT" profile with "PASSWORD_LIFE_TIME" set to UNLIMITED like in Oracle 10G? Or is it better to change the password periodically?

If you have any scripts enabled on the crontab or some external connections to the database where the SYSTEM user is used, then you will need to change the password in all these locations every time you change the SYSTEM password.

In order to avoid such problems after the upgrade, I changed FAILED_LOGIN_ATTEMPTS (10) and PASSWORD_LIFE_TIME (180) to UNLIMITED:

ALTER PROFILE DEFAULT LIMIT FAILED_LOGIN_ATTEMPTS UNLIMITED;

ALTER PROFILE DEFAULT LIMIT PASSWORD_LIFE_TIME UNLIMITED;

I have backups scheduled with the SYSTEM user and I don't want the backups to fail.

From my point of view it is better to set them to unlimited to avoid any unnecessary troubles.

Regards

RB

JAMpe
Participant
0 Kudos

Thanks for the reply, Reagan. I have changed the DEFAULT profile and set the FAILED_LOGIN_ATTEMPTS and PASSWORD_LIFE_TIME parameters to UNLIMITED, then I changed the password with brtools.

By the way, I noticed that the parameter PASSWORD_GRACE_TIME is set to UNLIMITED in the DEFAULT user profile, so I guess even if PASSWORD_LIFE_TIME was set to 180, the users with that profile would never get EXPIRED, right?

I was also wondering why, after my Oracle upgrade to 11.2.0.3 (from 10.2.0.4), the user "system" went into "Expired(grace)" status before the 180 days had passed. Was this a bug? I know that during upgrade Oracle locks some accounts except for "sys" and "system".

regards,

JAM

Reagan
Product and Topic Expert
0 Kudos

Good Day Jam

By the way, I noticed that the parameter PASSWORD_GRACE_TIME is set to UNLIMITED in the DEFAULT user profile, so I guess even if PASSWORD_LIFE_TIME was set to 180, the users with that profile would never get EXPIRED, right?

Yes. The account status will be in EXPIRED(GRACE) but you will still be able to log in, as the PASSWORD_GRACE_TIME is set to unlimited.

I was also wondering why, after my Oracle upgrade to 11.2.0.3 (from 10.2.0.4), the user "system" went into "Expired(grace)" status before the 180 days had passed. Was this a bug? I know that during upgrade Oracle locks some accounts except for "sys" and "system".

As the PASSWORD_LIFE_TIME was set to 180 after the upgrade, the last password change time was taken into account.

Have a look at the password parameters and their definitions:

http://docs.oracle.com/cd/B19306_01/server.102/b14200/statements_6010.htm

http://docs.oracle.com/cd/E11882_01/network.112/e16543/authentication.htm#CHDCGJED

Check this link for a scenario.

http://edstevensdba.wordpress.com/2012/01/16/exploring-password-lifetime-and-grace-period/

Regards

RB
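
The option raised in the question, a dedicated profile for SYSTEM instead of a changed DEFAULT, together with the status checks discussed in the replies above, as an added example that is not part of any post in this thread. The profile name SVC_NOEXPIRE and the 30-day look-ahead window are assumptions chosen for illustration; run as a DBA user.

```sql
-- Added example; SVC_NOEXPIRE is a hypothetical profile name.

-- 1. Which profile each account uses and where it stands on expiry.
SELECT username, profile, account_status, expiry_date
FROM   dba_users
WHERE  username IN ('SYSTEM', 'SAPSR3')
ORDER  BY username;

-- 2. Password limits currently in force for the profiles named in the thread.
SELECT profile, resource_name, limit
FROM   dba_profiles
WHERE  resource_type = 'PASSWORD'
AND    profile IN ('DEFAULT', 'SAPUPROF')
ORDER  BY profile, resource_name;

-- 3. Accounts whose password expires within the next 30 days
--    (assumed window), so scheduled jobs are not caught by surprise.
SELECT username, profile, account_status, expiry_date
FROM   dba_users
WHERE  expiry_date < SYSDATE + 30
ORDER  BY expiry_date;

-- 4. Dedicated profile for accounts used by scheduled jobs. Only the
--    lifetime is overridden; limits not listed here (for example
--    FAILED_LOGIN_ATTEMPTS) keep following the DEFAULT profile.
CREATE PROFILE svc_noexpire LIMIT
  PASSWORD_LIFE_TIME UNLIMITED;

-- 5. Move SYSTEM onto it; every other user of DEFAULT keeps the
--    180-day lifetime.
ALTER USER system PROFILE svc_noexpire;

-- 6. Verify the assignment. An account that is already EXPIRED(GRACE)
--    keeps that status until its password is changed.
SELECT username, profile, account_status, expiry_date
FROM   dba_users
WHERE  profile = 'SVC_NOEXPIRE';
```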

JAMpe
Participant
0 Kudos

Thanks for the info Reagan.

regards,

JAM

Answers (1)


former_member184473
Active Contributor
0 Kudos

Hello JAM,

Check the following notes:

1627312 - ORA-28001: the password has expired - during system startup
1519872 - SAP Database User Profile SAPUPROF

Regards,

Eduardo Rezende