[Oracle] Configuring password complexity verification for Oracle users



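1. The directory $ORACLE_HOME/rdbms/admin/ contains a file named utlpwdmg.sql. It ships with a default configuration that can be run as is, or you can edit the script to suit your requirements before running it: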

sql>@?/rdbms/admin/utlpwdmg.sql

2. After the script has run, changing a password to a simple one fails with error 28003:

14:16:23 SYS@ boston> alter user test identified by oracle;
alter user test identified by oracle
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20001: Password length less than 8

3. Check the parameters of the modified profile:

SELECT * FROM dba_profiles s WHERE s.profile='DEFAULT' AND resource_name like 'PASSWORD%';

PROFILE RESOURCE_NAME RESOURCE LIMIT
------------------------------ -------------------------------- -------- ----------------------------------------
DEFAULT PASSWORD_LIFE_TIME PASSWORD 180
DEFAULT PASSWORD_REUSE_TIME PASSWORD UNLIMITED
DEFAULT PASSWORD_REUSE_MAX PASSWORD UNLIMITED
DEFAULT PASSWORD_VERIFY_FUNCTION PASSWORD VERIFY_FUNCTION_11G
DEFAULT PASSWORD_LOCK_TIME PASSWORD 1
DEFAULT PASSWORD_GRACE_TIME PASSWORD 7

4. At this point a password can still be reused when it is reset, because PASSWORD_REUSE_TIME and PASSWORD_REUSE_MAX are not limited:

15:04:58 SYS@ boston> alter user test identified by Testdb123
User altered.
Elapsed: 00:00:00.11
15:06:04 SYS@ boston> alter user test identified by Testdb123;
User altered.

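5. Next, change PASSWORD_REUSE_TIME (how long before a password can be reused) or PASSWORD_REUSE_MAX (how many password changes are required before an old password can be reused). According to the official documentation, if only one of the two parameters is set and the other is left as UNLIMITED, the user can never reuse a password: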

5.1 Changing only PASSWORD_REUSE_TIME
15:13:17 SYS@ boston> ALTER PROFILE DEFAULT LIMIT PASSWORD_REUSE_TIME 1;
Profile altered.
Elapsed: 00:00:00.08
15:13:18 SYS@ boston> SELECT * FROM dba_profiles s WHERE s.profile='DEFAULT' AND resource_name like 'PASSWORD%';

PROFILE RESOURCE_NAME RESOURCE LIMIT
------------------------------ -------------------------------- -------- ----------------------------------------
DEFAULT PASSWORD_LIFE_TIME PASSWORD 180
DEFAULT PASSWORD_REUSE_TIME PASSWORD 1
DEFAULT PASSWORD_REUSE_MAX PASSWORD UNLIMITED
DEFAULT PASSWORD_VERIFY_FUNCTION PASSWORD VERIFY_FUNCTION_11G
DEFAULT PASSWORD_LOCK_TIME PASSWORD 1
DEFAULT PASSWORD_GRACE_TIME PASSWORD 7
Changing the user's password again now returns an error:
15:13:22 SYS@ boston> alter user test identified by Testdb123;
alter user test identified by Testdb123
*
ERROR at line 1:
ORA-28007: the password cannot be reused
Elapsed: 00:00:00.02
5.2 Changing only PASSWORD_REUSE_MAX
ALTER PROFILE DEFAULT LIMIT PASSWORD_REUSE_TIME UNLIMITED;
ALTER PROFILE DEFAULT LIMIT PASSWORD_REUSE_MAX 5;
ALTER PROFILE DEFAULT LIMIT PASSWORD_REUSE_TIME UNLIMITED;
Profile altered.
Elapsed: 00:00:00.05
15:19:26 SYS@ boston> ALTER PROFILE DEFAULT LIMIT PASSWORD_REUSE_MAX 5;
Profile altered.
Elapsed: 00:00:00.03
15:19:26 SYS@ boston> SELECT * FROM dba_profiles s WHERE s.profile='DEFAULT' AND resource_name like 'PASSWORD%';
PROFILE RESOURCE_NAME RESOURCE LIMIT
------------------------------ -------------------------------- -------- ----------------------------------------
DEFAULT PASSWORD_LIFE_TIME PASSWORD 180
DEFAULT PASSWORD_REUSE_TIME PASSWORD UNLIMITED
DEFAULT PASSWORD_REUSE_MAX PASSWORD 5
DEFAULT PASSWORD_VERIFY_FUNCTION PASSWORD VERIFY_FUNCTION_11G
DEFAULT PASSWORD_LOCK_TIME PASSWORD 1
DEFAULT PASSWORD_GRACE_TIME PASSWORD 7
6 rows selected.
Elapsed: 00:00:00.01
15:19:29 SYS@ boston> alter user test identified by Testdb123;
alter user test identified by Testdb123
*
ERROR at line 1:
ORA-28007: the password cannot be reused
5.3 Changing both parameters together:
15:21:45 SYS@ boston> ALTER PROFILE DEFAULT LIMIT PASSWORD_REUSE_TIME 1;
Profile altered.
Elapsed: 00:00:00.05
15:21:46 SYS@ boston> SELECT * FROM dba_profiles s WHERE s.profile='DEFAULT' AND resource_name like 'PASSWORD%';

PROFILE RESOURCE_NAME RESOURCE LIMIT
------------------------------ -------------------------------- -------- ----------------------------------------
DEFAULT PASSWORD_LIFE_TIME PASSWORD 180
DEFAULT PASSWORD_REUSE_TIME PASSWORD 1
DEFAULT PASSWORD_REUSE_MAX PASSWORD 5
DEFAULT PASSWORD_VERIFY_FUNCTION PASSWORD VERIFY_FUNCTION_11G
DEFAULT PASSWORD_LOCK_TIME PASSWORD 1
DEFAULT PASSWORD_GRACE_TIME PASSWORD 7
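With these settings, a previous password can be reused only after one day has passed and the password has been changed 5 times to different values. To satisfy the time condition for this test, the system clock is changed below: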
15:23:00 SYS@ boston> select sysdate from dual;
SYSDATE
-------------------
2019:01:23 15:23:04
[oracle@dax-mysql-slave admin]$ date -s 20190125
date: 无法设置日期: 不允许的操作
2019年 01月 25日 星期五 00:00:00 CST
[oracle@dax-mysql-slave admin]$ exit
登出
[root@dax-mysql-slave ~]# date -s 20190125
2019年 01月 25日 星期五 00:00:00 CST
[root@dax-mysql-slave ~]# su - oracle
上一次登录:三 1月 23 13:44:53 CST 2019pts/2 上
[oracle@dax-mysql-slave ~]$ date
2019年 01月 25日 星期五 00:00:06 CST
[oracle@dax-mysql-slave ~]$ sql
00:00:26 SYS@ boston> select sysdate from dual;
SYSDATE
-------------------
2019:01:25 00:00:34
Elapsed: 00:00:00.00
00:00:34 SYS@ boston> SELECT * FROM dba_profiles s WHERE s.profile='DEFAULT' AND resource_name like 'PASSWORD%';
PROFILE RESOURCE_NAME RESOURCE LIMIT
------------------------------ -------------------------------- -------- ----------------------------------------
DEFAULT PASSWORD_LIFE_TIME PASSWORD 180
DEFAULT PASSWORD_REUSE_TIME PASSWORD 1
DEFAULT PASSWORD_REUSE_MAX PASSWORD 5
DEFAULT PASSWORD_VERIFY_FUNCTION PASSWORD VERIFY_FUNCTION_11G
DEFAULT PASSWORD_LOCK_TIME PASSWORD 1
DEFAULT PASSWORD_GRACE_TIME PASSWORD 7
6 rows selected.
Elapsed: 00:00:00.03
Change the password 5 times, each time to a different value:
00:04:17 SYS@ boston> alter user test identified by Testdb128;
User altered.
Elapsed: 00:00:00.08
00:04:29 SYS@ boston> alter user test identified by Testdb129;
User altered.
Elapsed: 00:00:00.03
00:04:33 SYS@ boston> alter user test identified by Testdb130;
User altered.
Elapsed: 00:00:00.04
00:04:37 SYS@ boston> alter user test identified by Testdb131;
User altered.
Elapsed: 00:00:00.04
00:04:39 SYS@ boston> alter user test identified by Testdb132;
User altered.
After the 5 changes, setting the password back to the earlier one succeeds:
Elapsed: 00:00:00.04
00:04:40 SYS@ boston> alter user test identified by Testdb123;
User altered.
Setting it to one of the new passwords used above reports that it cannot be reused:
Elapsed: 00:00:00.05
00:04:46 SYS@ boston> alter user test identified by Testdb130;
alter user test identified by Testdb130
*
ERROR at line 1:
ORA-28007: the password cannot be reused
Elapsed: 00:00:00.02
00:04:56 SYS@ boston>
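
The reuse rule exercised in steps 4 through 5.3, written as a small Python model (an added example, not code from the original post and not Oracle's implementation). It assumes a password's age is measured from when it was last set, which matches the transcript above; `reuse_allowed`, `replay` and the timeline are hypothetical names and constructed data.

```python
from datetime import datetime, timedelta

UNLIMITED = None  # stands for the profile value UNLIMITED


def reuse_allowed(history, candidate, now, reuse_time_days, reuse_max):
    """Return True if `candidate` may be set, False where ORA-28007 is expected.

    history: list of (set_at, password) for successful changes, oldest first.
    """
    last_set = None
    changes_since = 0
    for set_at, password in history:
        if password == candidate:
            last_set, changes_since = set_at, 0
        elif last_set is not None:
            changes_since += 1
    if last_set is None:
        return True  # never used before
    if reuse_time_days is UNLIMITED and reuse_max is UNLIMITED:
        return True  # both limits off: history is ignored (step 4)
    if reuse_time_days is UNLIMITED or reuse_max is UNLIMITED:
        return False  # only one limit set: never reusable (5.1, 5.2)
    old_enough = now - last_set >= timedelta(days=reuse_time_days)
    return old_enough and changes_since >= reuse_max  # both must hold (5.3)


def replay(events, reuse_time_days, reuse_max):
    """Apply (timestamp, password) attempts in order; return per-attempt results."""
    history, results = [], []
    for at, password in events:
        ok = reuse_allowed(history, password, at, reuse_time_days, reuse_max)
        if ok:
            history.append((at, password))
        results.append(ok)
    return results


# Constructed timeline mirroring the transcript in 5.3
T0 = datetime(2019, 1, 23, 15, 6, 4)
T1 = datetime(2019, 1, 25, 0, 4, 17)
SECTION_5_3 = [(T0, "Testdb123")] + [
    (T1 + timedelta(seconds=4 * i), f"Testdb{128 + i}") for i in range(5)
] + [(T1 + timedelta(seconds=23), "Testdb123"),
     (T1 + timedelta(seconds=29), "Testdb130")]
```

`replay(SECTION_5_3, 1, 5)` accepts every change except the final attempt to go back to Testdb130, which was set seconds earlier and has only three changes after it.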

6. To revert the changes above, Oracle provides an undo script. Run the following command:

sql>@?/rdbms/admin/undopwd.sql

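The script above sets PASSWORD_LIFE_TIME, PASSWORD_REUSE_TIME and the other parameters back to UNLIMITED, but the PASSWORD_VERIFY_FUNCTION setting VERIFY_FUNCTION_11G remains in place. Unless it is cleared, password complexity verification stays in effect. To clear it, run: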

sql>alter profile default limit PASSWORD_VERIFY_FUNCTION null;
© 2020 zeven0707's blog