Configuring Password Protection

Table 3–2 (Cont.) Password-Specific Settings in the Default Profile

| Parameter | Default Setting | Description |
|---|---|---|
| PASSWORD_GRACE_TIME | 7 | Sets the number of days that a user has to change his or her password before it expires. |
| PASSWORD_LIFE_TIME | 180 | Sets the number of days the user can use his or her current password. |
| PASSWORD_LOCK_TIME | 1 | Sets the number of days an account will be locked after the specified number of consecutive failed login attempts. |
| PASSWORD_REUSE_MAX | UNLIMITED | Sets the number of days before which a password cannot be reused. |
| PASSWORD_REUSE_TIME | UNLIMITED | Sets the number of password changes required before the current password can be reused. |

For greater security, use the default settings described in Table 3–2, based on your needs. You can create or modify the password settings in the profile by using one of the following methods:

■ Database Configuration Assistant (DBCA). When you create a new database or modify an existing database, you can use the Security Settings window to enable or disable its default security settings. The password-specific settings in Table 3–2 are part of these default settings. The default security settings also include the auditing settings described in "Using Default Auditing for Security-Relevant SQL Statements and Privileges" on page 6-10. Oracle recommends that you enable the default security settings.

■ CREATE PROFILE or ALTER PROFILE statement. You can create or modify the password-specific parameters individually by using the CREATE PROFILE or ALTER PROFILE statement. For example:

    ALTER PROFILE prof LIMIT
      FAILED_LOGIN_ATTEMPTS 10
      PASSWORD_LOCK_TIME 1;

See Oracle Database SQL Language Reference for more information about CREATE PROFILE, ALTER PROFILE, and the password-related parameters described in this section.
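
The following is an added example, not part of the Oracle documentation: it creates a profile with the password limits shown on this page, assigns it to an account, and then reports any profile whose effective password limits differ from those values. The names app_user_profile and app_user are hypothetical; DBA_PROFILES and DBA_USERS are the standard data dictionary views, and querying them requires the corresponding privileges.

```sql
-- Added example. app_user_profile and app_user are hypothetical names;
-- the limit values are the ones shown on this page.
CREATE PROFILE app_user_profile LIMIT
  FAILED_LOGIN_ATTEMPTS 10
  PASSWORD_LOCK_TIME    1
  PASSWORD_LIFE_TIME    180
  PASSWORD_GRACE_TIME   7
  PASSWORD_REUSE_TIME   UNLIMITED
  PASSWORD_REUSE_MAX    UNLIMITED;

ALTER USER app_user PROFILE app_user_profile;

-- Report every profile whose effective password limit differs from the
-- values above. A limit stored as 'DEFAULT' is inherited from the DEFAULT
-- profile, so it is resolved before comparing. A difference is not
-- necessarily weaker; review each row.
WITH expected AS (
  SELECT 'FAILED_LOGIN_ATTEMPTS' AS resource_name, '10' AS expected_limit FROM dual UNION ALL
  SELECT 'PASSWORD_LOCK_TIME',    '1'         FROM dual UNION ALL
  SELECT 'PASSWORD_LIFE_TIME',    '180'       FROM dual UNION ALL
  SELECT 'PASSWORD_GRACE_TIME',   '7'         FROM dual UNION ALL
  SELECT 'PASSWORD_REUSE_TIME',   'UNLIMITED' FROM dual UNION ALL
  SELECT 'PASSWORD_REUSE_MAX',    'UNLIMITED' FROM dual
),
effective AS (
  SELECT p.profile, p.resource_name,
         CASE WHEN p.limit = 'DEFAULT' THEN d.limit ELSE p.limit END AS effective_limit
  FROM   dba_profiles p
  JOIN   dba_profiles d
         ON d.profile = 'DEFAULT' AND d.resource_name = p.resource_name
  WHERE  p.resource_type = 'PASSWORD'
)
SELECT e.profile, e.resource_name, e.effective_limit, x.expected_limit,
       (SELECT COUNT(*) FROM dba_users u WHERE u.profile = e.profile) AS assigned_users
FROM   effective e
JOIN   expected x ON x.resource_name = e.resource_name
WHERE  e.effective_limit <> x.expected_limit
ORDER  BY e.profile, e.resource_name;
```

The assigned_users column shows how many accounts each reported profile governs, which helps prioritize which deviations to review first.
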
Managing the Secure External Password Store for Password Credentials

This section describes how to use the secure external password store to manage password credentials.

■ About the Secure External Password Store
■ How Does the External Password Store Work?
■ Configuring Clients to Use the External Password Store
■ Managing External Password Store Credentials

About the Secure External Password Store

You can store password credentials for connecting to databases by using a client-side Oracle wallet. An Oracle wallet is a secure software container that stores authentication and signing credentials.