Password Parameters

I am trying to find out how to set password parameters in oracle. I want to be able to set minimum length password, password timeouts and so forth. Can this be done in oracle and if so where?
Thanks in advance

CREATE PROFILE
Purpose
Use the CREATE PROFILE statement to create a profile, which is a set of limits on database resources. If you assign the profile to a user, that user cannot exceed these limits.
See Also:
Oracle9i Database Administrator's Guide for a detailed description and explanation of how to use password management and protection
Prerequisites
To create a profile, you must have CREATE PROFILE system privilege.
To specify resource limits for a user, you must:
Enable resource limits dynamically with the ALTER SYSTEM statement or with the initialization parameter RESOURCE_LIMIT. (This parameter does not apply to password resources. Password resources are always enabled.)
Create a profile that defines the limits using the CREATE PROFILE statement
Assign the profile to the user using the CREATE USER or ALTER USER statement
See Also:
ALTER SYSTEM for information on enabling resource limits dynamically
Oracle9i Database Reference for information on the RESOURCE_LIMIT parameter
CREATE USER and ALTER USER for information on profiles
Syntax
create_profile::=
Text description of create_profile
resource_parameters::=
Text description of resource_parameters
password_parameters::=
Text description of password_parameters
Semantics
profile
Specify the name of the profile to be created. Use profiles to limit the database resources available to a user for a single call or a single session.
Oracle enforces resource limits in the following ways:
If a user exceeds the CONNECT_TIME or IDLE_TIME session resource limit, Oracle rolls back the current transaction and ends the session. When the user process next issues a call, Oracle returns an error.
If a user attempts to perform an operation that exceeds the limit for other session resources, Oracle aborts the operation, rolls back the current statement, and immediately returns an error. The user can then commit or roll back the current transaction, and must then end the session.
If a user attempts to perform an operation that exceeds the limit for a single call, Oracle aborts the operation, rolls back the current statement, and returns an error, leaving the current transaction intact.
Notes:
You can use fractions of days for all parameters that limit time, with days as units. For example, 1 hour is 1/24 and 1 minute is 1/1440.
You can specify resource limits for users regardless of whether the resource limits are enabled. However, Oracle does not enforce the limits until you enable them.
See Also:
"Creating a Profile: Example"
UNLIMITED
When specified with a resource parameter, UNLIMITED indicates that a user assigned this profile can use an unlimited amount of this resource. When specified with a password parameter, UNLIMITED indicates that no limit has been set for the parameter.
DEFAULT
Specify DEFAULT if you want to omit a limit for this resource in this profile. A user assigned this profile is subject to the limit for this resource specified in the DEFAULT profile. The DEFAULT profile initially defines unlimited resources. You can change those limits with the ALTER PROFILE statement.
Any user who is not explicitly assigned a profile is subject to the limits defined in the DEFAULT profile. Also, if the profile that is explicitly assigned to a user omits limits for some resources or specifies DEFAULT for some limits, the user is subject to the limits on those resources defined by the DEFAULT profile.
resource_parameters
SESSIONS_PER_USER
Specify the number of concurrent sessions to which you want to limit the user.
CPU_PER_SESSION
Specify the CPU time limit for a session, expressed in hundredth of seconds.
CPU_PER_CALL
Specify the CPU time limit for a call (a parse, execute, or fetch), expressed in hundredths of seconds.
CONNECT_TIME
Specify the total elapsed time limit for a session, expressed in minutes.
IDLE_TIME
Specify the permitted periods of continuous inactive time during a session, expressed in minutes. Long-running queries and other operations are not subject to this limit.
LOGICAL_READS_PER_SESSION
Specify the permitted number of data blocks read in a session, including blocks read from memory and disk.
LOGICAL_READS_PER_CALL
Specify the permitted the number of data blocks read for a call to process a SQL statement (a parse, execute, or fetch).
PRIVATE_SGA
Specify the amount of private space a session can allocate in the shared pool of the system global area (SGA), expressed in bytes. Use K or M to specify this limit in kilobytes or megabytes.
Note:
This limit applies only if you are using Shared Server architecture. The private space for a session in the SGA includes private SQL and PL/SQL areas, but not shared SQL and PL/SQL areas.
COMPOSITE_LIMIT
Specify the total resource cost for a session, expressed in service units. Oracle calculates the total service units as a weighted sum of CPU_PER_SESSION, CONNECT_TIME, LOGICAL_READS_PER_SESSION, and PRIVATE_SGA.
See Also:
ALTER RESOURCE COST for information on how to specify the weight for each session resource
If you specify expr for any of these parameters, the expression can be of any form except scalar subquery expression.
See Also:
"Setting Profile Resource Limits: Example"
password_parameters
FAILED_LOGIN_ATTEMPTS
Specify the number of failed attempts to log in to the user account before the account is locked.
PASSWORD_LIFE_TIME
Specify the number of days the same password can be used for authentication. The password expires if it is not changed within this period, and further connections are rejected.
PASSWORD_REUSE_TIME
Specify the number of days before which a password cannot be reused. If you set PASSWORD_REUSE_TIME to an integer value, then you must set PASSWORD_REUSE_MAX to UNLIMITED.
PASSWORD_REUSE_MAX
Specify the number of password changes required before the current password can be reused. If you set PASSWORD_REUSE_MAX to an integer value, then you must set PASSWORD_REUSE_TIME to UNLIMITED.
PASSWORD_LOCK_TIME
Specify the number of days an account will be locked after the specified number of consecutive failed login attempts.
PASSWORD_GRACE_TIME
Specify the number of days after the grace period begins during which a warning is issued and login is allowed. If the password is not changed during the grace period, the password expires.
PASSWORD_VERIFY_FUNCTION
The PASSWORD_VERIFY_FUNCTION clause lets a PL/SQL password complexity verification script be passed as an argument to the CREATE PROFILE statement. Oracle provides a default script, but you can create your own routine or use third-party software instead.
For function, specify the name of the password complexity verification routine.
Specify NULL to indicate that no password verification is performed.
Restrictions on Password Parameters
If PASSWORD_REUSE_TIME is set to an integer value, PASSWORD_REUSE_MAX must be set to UNLIMITED. If PASSWORD_REUSE_MAX is set to an integer value, PASSWORD_REUSE_TIME must be set to UNLIMITED.
If both PASSWORD_REUSE_TIME and PASSWORD_REUSE_MAX are set to UNLIMITED, then Oracle uses neither of these password resources.
If PASSWORD_REUSE_MAX is set to DEFAULT and PASSWORD_REUSE_TIME is set to UNLIMITED, then Oracle uses the PASSWORD_REUSE_MAX value defined in the DEFAULT profile.
If PASSWORD_REUSE_TIME is set to DEFAULT and PASSWORD_REUSE_MAX is set to UNLIMITED, then Oracle uses the PASSWORD_REUSE_TIME value defined in the DEFAULT profile.
If both PASSWORD_REUSE_TIME and PASSWORD_REUSE_MAX are set to DEFAULT, then Oracle uses whichever value is defined in the DEFAULT profile.
See Also:
"Setting Profile Password Limits: Example"
Examples
Creating a Profile: Example
The following statement creates the profile new_profile:
CREATE PROFILE new_profile
LIMIT PASSWORD_REUSE_MAX DEFAULT
PASSWORD_REUSE_TIME UNLIMITED;
Setting Profile Resource Limits: Example
The following statement creates the profile app_user:
CREATE PROFILE app_user LIMIT
SESSIONS_PER_USER UNLIMITED
CPU_PER_SESSION UNLIMITED
CPU_PER_CALL 3000
CONNECT_TIME 45
LOGICAL_READS_PER_SESSION DEFAULT
LOGICAL_READS_PER_CALL 1000
PRIVATE_SGA 15K
COMPOSITE_LIMIT 5000000;
If you then assign the app_user profile to a user, the user is subject to the following limits in subsequent sessions:
The user can have any number of concurrent sessions.
In a single session, the user can consume an unlimited amount of CPU time.
A single call made by the user cannot consume more than 30 seconds of CPU time.
A single session cannot last for more than 45 minutes.
In a single session, the number of data blocks read from memory and disk is subject to the limit specified in the DEFAULT profile.
A single call made by the user cannot read more than 1000 data blocks from memory and disk.
A single session cannot allocate more than 15 kilobytes of memory in the SGA.
In a single session, the total resource cost cannot exceed 5 million service units. The formula for calculating the total resource cost is specified by the ALTER RESOURCE COST statement.
Since the system_manager profile omits a limit for IDLE_TIME and for password limits, the user is subject to the limits on these resources specified in the DEFAULT profile.
Setting Profile Password Limits: Example
The following statement creates the same app_user2 profile with password limits values set:
CREATE PROFILE app_user2 LIMIT
FAILED_LOGIN_ATTEMPTS 5
PASSWORD_LIFE_TIME 60
PASSWORD_REUSE_TIME 60
PASSWORD_REUSE_MAX UNLIMITED
PASSWORD_VERIFY_FUNCTION verify_function
PASSWORD_LOCK_TIME 1/24
PASSWORD_GRACE_TIME 10;
This example uses Oracle's password verification function, verify_function. Please refer to Oracle9i Database Administrator's Guide for information on using this verification function provided by Oracle or designing your own verification function.
http://download-west.oracle.com/docs/cd/B10501_01/server.920/a96540/statements_611a.htm#SQLRF01310
Joel P�rez

Similar Messages

Can I pass username & password in JDBC URL in Crystal Reports 2008?

Hi,
I tried to put this URL in the CRConfig.xml file : jdbc:postgresql://hostname:5432/db_name?user=user_name&password=pw
Without the user and password parameters, it works fine but I always have to enter the database information when I create a new report or refresh an existing report.
With the parameters, when I create a new report, if I click on "Create new connection", Crystal Reports freezes. If I click on the connection in "My connections", then I get an "Invalid argument" error message.
How can I configure the database information so that I don't always need to enter it manually?
Thanks,
Marianne

Hi Marianne,
We don't recommended you do that. The text is in the clear so anyone could use your log on info. You may be able to add your user name to the Report by editing the connection properties from the Set Location dialog box but to add your password would give anyone who opened your report your log on info.
And the info would be passed to the DB over the network in the clear so someone could hack your info.
Thank you
Don

Password not sent with mail during creation of new acct on GRC 10

Hello Experts,
When a new user is being created and when his access has been approved and he gets the closing mail the system is not sending a password mail or password with that closing mail.
Is there some setting which needs to be done for this to be able to send out password with mails.
When I do just a PSS it sends out mails to users.
Thanks
Uday

Hi,
In the notification emails, do you get details of the new User ID created and the roles assigned per system etc? We had issues earlier in a project when creating the POC system as the notifications would provide the message "Error In Provisioning" whilst the Application logs stated everything was created and provisioned correctly.
I noticed that you have issues in being able to assign a "End of Request" e-mail notification in the first step of the MSMP config. It may be worth getting in touch with SAP.
As you are on SP07, the notes I had to implement are not applicable as they were all included into the SP07 release.
It might be worth checking with Basis that the password parameters have been set up for the system password wizard etc.
Will update the forum thread if I find anything to share.
All the best

Dynamic username and password for UsernameToken in Receiver Soap Adapter.

Hi All,
I am using AXIS Frame work for WS Security Authentication in Receiver SOAP channel. I deployed AXIS and used WSDoAllSender handler. I want to set the username and password parameters in the module dynamically. These have to be extracted from the payload.
kindly give me pointers to dynamically assign Username and Password.
Regards,
Saipriya.

continued from the previous entry
1. configure the following four handlers in the request chain
Handler dc
Handler xireq
Handler wssec
Handler trp
For the xireq and trp handler, you can use the default setting.
For the dc and wssec handlers, you use the following setting:
dc: handler.type = java:com.sap.aii.axis.xi.XI30DynamicConfigurationHandler
dc: key.1 = write http://sap.com/xi/axis username
dc: value.1 = user
wssec: handler.type = java:org.apache.ws.axis.security.WSDoAllSender
wssec: action = UsernameToken
wssec: passwordType = PasswordText
wssec: passwordCallbackClass = com.sap.aii.axis.security.DefaultPasswordCallbackHandler
2. Create an external password file with user password pairs. For example, if you have three users: orange, banana, and apple, with their passwords: orange, yellow, red, you create a file with content:
orange:orange
banana:yellow
apple:red
You name this file to ".password" and place it at the engine's classloader directory (e.g.,
/usr/sap/E07/JC90/j2ee/cluster/server0)
3. Prepare the input message containing the user name in the dynamic configuration header that looks like:
<ns3:DynamicConfiguration xmlns:ns3="http://sap.com/xi/XI/Message/30">
<ns3:Record name="username" namespace="http://sap.com/xi/axis">orange</ns3:Record>
</ns3:DynamicConfiguration>
The namespace and name must match the value used in the key.1 property of the dc handler. As long as they match, you can use any names.
In this example, the user name value "orange" will be extracted by the dc handler and inserted into the message context.
4. Send a test message.
Best regards, Yza

Problem with passwords

Hi, since about 2 days I have a problem with all the users changing there password,
How can I know the last five passwords entered by a user, where can I find this information.
SAP is set to refuse any password used within the last 5 so it needs to keep it somewhere...
thank you all
and have a nice day

Here is a link to the SAP PAssword rules:
http://help.sap.com/saphelp_nw04s/helpdata/en/d2/141fb593c742b5aad8f272dd487b74/frameset.htm
THis is a link for password parameters:
http://help.sap.com/saphelp_nw04s/helpdata/en/22/41c43ac23cef2fe10000000a114084/frameset.htm
Change this parameter to 3 login/password_history_size

How to Hide userid and password in the address bar

Hello Dears
I am using OAS 10g and calling a form from my web portal designed in ASP.Net. I pass userid and password to OAS as parameters and form is accessed but the problem is that userid and password are displayed in the address bar. How can I hide this info to secure my application.
Note: This is a multi-user environment.
Please guide. thanks
Inayat Qazi

On your reports server in the reports\conf directory there is a file called cgicmd.dat
This file allows you to create a key that will be replaced with the entry from this file. You can put your userid and password parameters in here and thus remove them from the address line.
Key value entries look like this in the file:
examplekey: userid="scott/tiger@myoracleinstance" %*
your url would then look like this:
http://myreportsserver/servlet/rwservlet?examplekey&report=myreport.rdf&destype=cache

Password reset in oracle 11g 11.2.0.2.0

Hi Gurus,
I tryed to reset the password for an user to the same password which was existing some time ago.
it was comming with an error ORA-28007: the password cannot be reused
is there any alternative to reset to the password which was existing before .
as the password has been hardcoded in few applications.
any suggestion is highly apprciated.
Thanks in advance ...

790072 wrote:
Hi Gurus,
I tryed to reset the password for an user to the same password which was existing some time ago.
it was comming with an error ORA-28007: the password cannot be reused
is there any alternative to reset to the password which was existing before .
as the password has been hardcoded in few applications.
any suggestion is highly apprciated.
Thanks in advance ...
28007, 00000, "the password cannot be reused"
// *Cause:    The password cannot be reused for the specified number of
//            days or for the specified nunmber of password changes
// *Action:   Try the password that you have not used for the specified
//            number of days or the specified number of password changes
//            Refer to the password parameters in the CREATE PROFILE statement
//

Password complexity not taking effect in solaris 10 u9

Hi,
I am testing the password complexity in solaris 10 u9 machine, But what ever parameters i gave for password parameters, like password length, username check etc, in /etc/default/passwd file , those are not getting affected
Then i replaced the /usr/lib/security/pam_authtok_check.so.1 with the u10 version and tried changing the passwd of one user, it was working fine, with u6 /usr/lib/security/pam_authtok_check.so.1 also it was working fine,
Is it an OS bug..? if so, what is the fix..?

Hi,
You can use Profilemanager in Mountain Lion to manage clients and set presets per client or user. It's inside the server.app for ios en osx as well
Are your clients running mountain lion? Otherwise download workgroupmanager for mountain lion and see whether that will work for your environment.
Let me know!
Jeffrey

Auto Login With Request Parameters

Hello
I am working on a test JSF application in NetBeans 5.5 using the visual web pack. Currently there are only two pages in the app, a login page and a main page.
I am trying to figure out how I could set up an auto login to a JSF based web app. I would like the app to be able to take username and password parameters on the URL and automatically attempt to log into the app with those values. When the URL contains these parameters and they're valid, instead of displaying the login page, it would start up with the main page displayed. If the paramters were not present or invalid, the login page would be displayed.
I've read about how to pull request parameter values into from a JSP page, but I don't think that would helpful for this case. I have instances of ApplicationBean, SessionBean and RequestBean in the project. I'm wondering if any of these would be the appropriate place to add some code to check for the parameters, attempt to login and display the correct page based on the login result.
And advice greatly appreciated.
Shelli

I'll be so kind to share a basic example I've been playing with a while ago :)
public class UserFilter implements javax.servlet.Filter {
    @SuppressWarnings("unused")
    private FilterConfig filterConfig;
    public void init(FilterConfig filterConfig) {
        this.filterConfig = filterConfig;
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException
        // Check PathInfo.
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        String pathInfo = StringX.trim(httpRequest.getRequestURI(), httpRequest.getContextPath());
        if (pathInfo.indexOf(PATH_INC + "/") == 0 || pathInfo.indexOf(MAIN_JSF) == 0) {
            // If include files are loaded (subviews, images, css, js) or if unfriendly URL is
            // requested somehow, then continue the chain and abort this filter. In case of
            // unfriendly URL's, the next filter in the chain is the FriendlyUrlFilter which
            // translates the URL and will redirect back to this filter.
            chain.doFilter(request, response);
            return;
        // Get UserSession from HttpSession.
        HttpSession session = httpRequest.getSession();
        UserSession userSession = (UserSession) session.getAttribute(SESSION_ID);
        if (userSession == null) {
            // No UserSession found in HttpSession; lookup SessionId in cookie.
            String sessionId = Context.getCookieValue(httpRequest, COOKIE_ID);
            if (sessionId != null) {
                // SessionId found in cookie; lookup UserSession by SessionId in database.
                userSession = new UserSession();
                userSession.setSessionId(sessionId);
                LoadQuery<UserSession> loadQuery = new LoadQuery<UserSession>(userSession);
                try {
                    Dao.execute(loadQuery);
                    userSession = loadQuery.getOne(); // This can be null.
                    // If this is null, then session is just deleted from DB or the cookie is fake.
                    Logger.info("Loading usersession succeed: " + userSession);
                } catch (DaoException e) {
                    Logger.error("Loading usersession failed.", e);
            if (userSession == null) { // loadQuery.getOne() can return null.
                // No SessionId found in cookie, or no UserSession found in DB; create new UserSession.
                sessionId = StringX.getUniqueID();
                userSession = new UserSession(sessionId);
                try {
                    Dao.execute(new SaveQuery<UserSession>(userSession));
                    Logger.info("Creating usersession succeed:" + userSession);
                } catch (DaoException e) {
                    Logger.error("Creating usersession failed.", e);
                // Put SessionId in cookie.
                HttpServletResponse httpResponse = (HttpServletResponse) response;
                Context.setCookieValue(httpResponse, COOKIE_ID, sessionId);
            // Set UserSession in current HttpSession.
            session.setAttribute(SESSION_ID, userSession);
        // Add hit and update UserSession.
        userSession.addHit();
        try {
            Dao.execute(new SaveQuery<UserSession>(userSession));
            Logger.info("Updating usersession succeed:" + userSession);
        } catch (DaoException e) {
            Logger.error("Updating usersession failed.", e);
        // Continue filtering.
        chain.doFilter(request, response);
    public void destroy() {
        this.filterConfig = null;
}By the way, the 'User' DTO is wrapped in the UserSession which can be retrieved in the backing bean by:
public User getUser() {
    return ((UserSession) Context.getSessionAttribute(SESSION_ID)).getUser();
}If the User is not logged in, then this is null. If the user is logged in, then put the User in the UserSession object.

MDM Server Password Parameter in SRM Web Service for SRM MDM Catalog 2.0

Hi Experts,
We have password set on our MDM server. I am little confused about how to define MDM server password parameter in external Web service Call structure in SRM System for SRM MDM Catalog 2.0.
Will Catalog webservice work, if we don;t define password for MDM server in webservice??if No, then please let me know how to define MDM server password in SRM websevice.
Any help will be highly appreciated.
Thanks,
Shiv

Hi Shiv,
The MDM Server password is needed when you are changing Webdynpro UI Configuration.
For catalogs, all you need is the repository userid/password parameters in the call structutre.
SG

ITS Custom Login screen password expirey option?

Hi all,
We have included the custom login screen in the ITS service. By using login and password parameters in the service parameters.
But in this the new custom login screen doesn't have the new password option or it cannot detect the password expiry of the sap users login into the ITS service.
Can anyone please let me know which system variable handles the password expiry for the SAP login.
Or can anyone let me know the standard program for the ITS SAP standard login screen.
Thanks Urgent requirement. rewards will awarded for the all the responses
Thanks & Regards
Ekta

if its Integrated ITS, then you can refer to this blog on customizing login screen.
/people/sergio.ferrari2/blog/2007/04/06/bsphowto--customizing-the-design-of-system-logon-page-in-netweaver-04

Setting FTP Output parameters at runtime

Hello, there!
Is it possible to set server, path, user and password parameters of an FTP Output MII 12.0 action on runtime?
I have to tried to, but it doesn't work.
I get a [ERROR]: FTPPut FTP error:Could Not Log In: 530 Login incorrect.
Otherwise, if I set on the Configure Object screen with the same values, it works perfectly.
Is it a problem or should it really work this way?
Thanks a lot!

Yes, Rick, it seems to be a bug on MII.
Anyway, we'll hard code user and password...
Thanks a lot!

Password rejection for no apparent reason

For the second time in 30 days, my apple ID password is "incorrect". I know its the right one, I've been using it for 30 days. I can reset for a new password, but why the heck is it rejecting an established password......for a second time?
The first time I think it was because the password parameters changed. Cool. I created a valid password. But this new rejection has be baffled.

Have you tried Reseting the iPad when the problem shows up? [Hold the Home and Sleep/Wake buttons down together for 10 seconds or so (until the Apple logo appears) and then release. The screen will go blank and then power ON again in the normal way.] It is app and data safe!

Encrypting password in ODI

Hi
During Scheduling of scenario , in order to modify the password parameters in the ODIPARAMS file we need to encrypt the password by executing the command "agent encode password" from the dos prompt , from the /bin directory so that it gives a string .the problem is whenever i try to execute the same command again it is giving a different string.Does this make any difference.Is this the way to encrypt the password and moreover scenario is not getting executed at scheduled time.

Hi,
I think it's ok that the "agent encode" command gives a different password everytime you execute the command. I noticed the same and it works ok.
Maybe the encoding is based on a timestamp or something ...
I haven't tried to schedule scenarios yet; hopefully you'll get a reply from someone else.

Where is username/password in webservice call

Hi,
I'm have a webservice client based on a simple WLS sample client that makes a
call of the form:
<my service name>Port port = <my service name>_Impl().get<my service name>Port()
The get<my service name>Port can optionally take "username" and "password" parameters
to allow the client to invoke a secured web service. How are "username" and "password"
passed? In the SOAP message itself, in HTTP...? I dumped the SOAP request using
the verbose option and do not see the username or password.
We want to be able to have .NET clients invoke these secured web services also
and have not been able to figure out how a .NET client specifies username/password
to invoke our web service. Has anyone done this?
Thanks in advance.

WLS use HTTP basic auth. The user name and passwd are in the HTTP
header.
I know that we test basic auth with .Net, but not sure how to set username
and passwd in the .net client.
http://manojc.com
"Jack Ottofaro" <[email protected]> wrote in message
news:3edfaa1c$[email protected]..
>
Hi,
I'm have a webservice client based on a simple WLS sample client thatmakes a
call of the form:
<my service name>Port port = <my service name>_Impl().get<my servicename>Port()
>
The get<my service name>Port can optionally take "username" and "password"parameters
to allow the client to invoke a secured web service. How are "username"and "password"
passed? In the SOAP message itself, in HTTP...? I dumped the SOAP requestusing
the verbose option and do not see the username or password.
We want to be able to have .NET clients invoke these secured web servicesalso
and have not been able to figure out how a .NET client specifiesusername/password
to invoke our web service. Has anyone done this?
Thanks in advance.

Password Parameters

Similar Messages

Maybe you are looking for