1 / 17

Managing Password Security and Resources

Managing Password Security and Resources. Objectives. After completing this lesson, you should be able to do the following: Manage passwords using profiles Administer profiles Control use of resources using profiles Obtain information about profiles, password management, and resources.

jelani-underwood
Download Presentation

Managing Password Security and Resources

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Managing Password Security and Resources

  2. Objectives • After completing this lesson, you should be able to do the following: • Manage passwords using profiles • Administer profiles • Control use of resources using profiles • Obtain information about profiles, password management, and resources

  3. Profiles • A profile is a named set of password and resource limits. • Profiles are assigned to users by the CREATE USER or ALTER USER command. • Profiles can be enabled or disabled. • Profiles can relate to the DEFAULT profile.

  4. Account locking Password history Password Management User Setting up profiles Password expiration and aging Password verification

  5. Enabling Password Management • Set up password management by using profiles and assigning them to users. • Lock, unlock, and expire accounts using the CREATE USER or ALTER USER command. • Password limits are always enforced. • To enable password management, run the utlpwdmg.sql script as the user SYS.

  6. Password Account Locking Parameter Description FAILED_LOGIN_ATTEMPTS PASSWORD_LOCK_TIME Number of failed login attempts before lockout of the account Number of days the account is locked after the specified number of failed login attempts

  7. Password Expiration and Aging Parameter Parameter PASSWORD_LIFE_TIME PASSWORD_GRACE_TIME Lifetime of the password in days after which the password expires Grace period in days for changing the password after the first successful login after the password has expired

  8. Password History Parameter Description PASSWORD_REUSE_TIME PASSWORD_REUSE_MAX Number of days before a password can be reused Maximum number of times apassword can be reused

  9. Password Verification Parameter Description PASSWORD_VERIFY_FUNCTION PL/SQL function that performs a password complexity check before a password is assigned

  10. User-Provided Password Function • This function must be created in the SYS schema and must have the following specification: function_name( userid_parameter IN VARCHAR2(30), password_parameter IN VARCHAR2(30), old_password_parameter INVARCHAR2(30)) RETURN BOOLEAN

  11. Password Verification Function VERIFY_FUNCTION • Minimum length is four characters. • Password should not be equal to username. • Password should have at least one alphabetic, one numeric, and one special character. • Password should differ from the previous password by at least three letters.

  12. Creating a Profile: Password Settings CREATE PROFILE grace_5 LIMIT FAILED_LOGIN_ATTEMPTS 3 PASSWORD_LOCK_TIME UNLIMITED PASSWORD_LIFE_TIME 30 PASSWORD_REUSE_TIME 30 PASSWORD_VERIFY_FUNCTION verify_function PASSWORD_GRACE_TIME 5;

  13. Altering a Profile: Password Setting Use ALTER PROFILE to change password limits ALTER PROFILE default LIMIT FAILED_LOGIN_ATTEMPTS 3 PASSWORD_LIFE_TIME 60 PASSWORD_GRACE_TIME 10;

  14. Dropping a Profile: Password Setting • Drop the profile using DROP PROFILE command. • DEFAULT profile cannot be dropped. • CASCADE revokes the profile from user to whom assigned DROP PROFILE developer_prof; DROP PROFILE developer_prof CASCADE;

  15. Summary • In this lesson, you should have learned how to: • Administer passwords • Administer profiles

  16. Practice 14 Overview • This practice covers the following topics: • Enabling password management • Defining profiles and assigning to users • Disabling password management

More Related