Oracle Database

Page 57

Configuring Password Protection

Table 3–2 (Cont.) Password-Specific Settings in the Default Profile Parameter

Default Setting

Description

PASSWORD_GRACE_TIME

7

Sets the number of days that a user has to change his or her password before it expires.

PASSWORD_LIFE_TIME

180

Sets the number of days the user can use his or her current password.

PASSWORD_LOCK_TIME

1

Sets the number of days an account will be locked after the specified number of consecutive failed login attempts.

PASSWORD_REUSE_MAX

UNLIMITED

Sets the number of days before which a password cannot be reused.

PASSWORD_REUSE_TIME

UNLIMITED

Sets the number of password changes required before the current password can be reused.

For greater security, use the default settings described in Table 3–2, based on your needs. You can create or modify the password settings in the profile by using one of the following methods: ■

Database Configuration Assistant (DBCA). When you create a new database or modify an existing database, you can use the Security Settings window to enable or disable its default security settings. The password-specific settings in Table 3–2 are part of these default settings. The default security settings also include the auditing settings described in "Using Default Auditing for Security-Relevant SQL Statements and Privileges" on page 6-10. Oracle recommends that you enable the default security settings. CREATE PROFILE or ALTER PROFILE statement. You can create or modify the password-specific parameters individually by using the CREATE PROFILE or ALTER PROFILE statement. For example: ALTER PROFILE prof FAILED_LOGIN_ATTEMPTS 10 PASSWORD_LOCK_TIME 1;

See Oracle Database SQL Language Reference for more information about CREATE PROFILE, ALTER PROFILE, and the password-related parameters described in this section.

Managing the Secure External Password Store for Password Credentials This section describes how to use the secure external password store to manage password credentials. ■

About the Secure External Password Store

How Does the External Password Store Work?

Configuring Clients to Use the External Password Store

Managing External Password Store Credentials

About the Secure External Password Store You can store password credentials for connecting to databases by using a client-side Oracle wallet. An Oracle wallet is a secure software container that stores authentication and signing credentials.

Configuring Authentication 3-11

Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.