Thông tin tài liệu
14
Copyright © Oracle Corporation, 2002. All rights reserved.
Managing Password Security
and Resources
14-2
Copyright © Oracle Corporation, 2002. All rights reserved.
Objectives
After completing this lesson, you should be able to do
the following:
•
Manage passwords using profiles
•
Administer profiles
•
Control use of resources using profiles
•
Obtain password and resource limit information
14-3
Copyright © Oracle Corporation, 2002. All rights reserved.
Profiles
•
A profile is a named set of password and resource
limits.
•
Profiles are assigned to users by the CREATE USER
or ALTER USER command.
•
Profiles can be enabled or disabled.
•
Profiles can relate to the DEFAULT profile.
14-5
Copyright © Oracle Corporation, 2002. All rights reserved.
User
Password
expiration
and aging
Password
verification
Password
history
Account
locking
Setting up
profiles
Password Management
14-6
Copyright © Oracle Corporation, 2002. All rights reserved.
•
Set up password management by using profiles and
assigning them to users.
•
Lock, unlock, and expire accounts using the CREATE
USER or ALTER USER command.
•
Password limits are always enforced.
•
To enable password management, run the
utlpwdmg.sql script as the user SYS.
Enabling Password Management
14-7
Copyright © Oracle Corporation, 2002. All rights reserved.
Password Account Locking
Parameter
Number of failed login attempts
before lockout of the account
Number of days the account is
locked after the specified number
of failed login attempts
FAILED_LOGIN_ATTEMPTS
PASSWORD_LOCK_TIME
Description
14-8
Copyright © Oracle Corporation, 2002. All rights reserved.
Parameter
Lifetime of the password in days
after which the password expires
Grace period in days for changing
the password after the first
successful login after the password
has expired
PASSWORD_LIFE_TIME
PASSWORD_GRACE_TIME
Parameter
Password Expiration and Aging
14-9
Copyright © Oracle Corporation, 2002. All rights reserved.
Password History
Parameter
Number of days before a
password can be reused
Maximum number of changes
required before a password
can be reused
PASSWORD_REUSE_TIME
PASSWORD_REUSE_MAX
Description
14-10
Copyright © Oracle Corporation, 2002. All rights reserved.
Password Verification
Parameter
PL/SQL function that performs a
password complexity check
before a password is assigned
PASSWORD_VERIFY_FUNCTION
Description
14-11
Copyright © Oracle Corporation, 2002. All rights reserved.
User-Provided Password Function
This function must be created in the SYS schema and
must have the following specification:
function_name(
userid_parameter IN VARCHAR2(30),
password_parameter IN VARCHAR2(30),
old_password_parameter IN VARCHAR2(30))
RETURN BOOLEAN
[...]... FAILED_LOGIN_ATTEMPTS 3 PASSWORD_ LOCK_TIME UNLIMITED PASSWORD_ LIFE_TIME 30 PASSWORD_ REUSE_TIME 30 PASSWORD_ VERIFY_FUNCTION verify_function PASSWORD_ GRACE_TIME 5; 14-13 Copyright © Oracle Corporation, 2002 All rights reserved Altering a Profile: Password Setting Use ALTER PROFILE to change password limits ALTER PROFILE default LIMIT FAILED_LOGIN_ATTEMPTS 3 PASSWORD_ LIFE_TIME 60 PASSWORD_ GRACE_TIME 10;.. .Password Verification Function VERIFY_FUNCTION • Minimum length is four characters • Password should not be equal to username • Password should have at least one alphabetic, one numeric, and one special character • Password should differ from the previous password by at least three letters 14-12 Copyright © Oracle Corporation, 2002 All rights reserved Creating a Profile: Password Settings... lesson, you should have learned how to: • Administer passwords • Administer profiles • Obtain password and resource limit information 14-35 Copyright © Oracle Corporation, 2002 All rights reserved Practice 14 Overview This practice covers the following topics: • Enabling password management • Defining profiles and assigning to users • Disabling password management 14-36 Copyright © Oracle Corporation,... means of allocating resources: • CPU method • Active session pool and queuing • Degree of parallelism limit • Automatic consumer group switching • Maximum estimated execution time • Undo quota 14-31 Copyright © Oracle Corporation, 2002 All rights reserved Obtaining Password and Resource Limit Information Information about password and resource limits can be obtained by querying the following views:... rights reserved Managing Resources Using the Database Resource Manager • Resource plans specify the resource consumer groups belonging to the plan • Resource plans contain directives for how to allocate resources among consumer groups 14-29 Copyright © Oracle Corporation, 2002 All rights reserved Resource Plan Directives The Database Resource Manager provides several means of allocating resources: •... Corporation, 2002 All rights reserved Managing Resources Using the Database Resource Manager • Provides the Oracle server with more control over resource management decisions • Elements of the Database Resource Manager: – – – – Resource consumer group Resource plan Resource allocation method Resource plan directives • Uses the DBMS_RESOURCE_MANAGER package to create and maintain elements • Requires ADMINISTER_RESOURCE_MANAGER... profiles using the CREATE PROFILE command • Enable resource limits with the: – RESOURCE_LIMIT initialization parameter – ALTER SYSTEM command 14-21 Copyright © Oracle Corporation, 2002 All rights reserved Enabling Resource Limits • Set the initialization parameter RESOURCE_LIMIT to TRUE • Enforce the resource limits by enabling the parameter with the ALTER SYSTEM command ALTER SYSTEM SET RESOURCE_LIMIT=TRUE;... PROFILE default LIMIT FAILED_LOGIN_ATTEMPTS 3 PASSWORD_ LIFE_TIME 60 PASSWORD_ GRACE_TIME 10; 14-17 Copyright © Oracle Corporation, 2002 All rights reserved Dropping a Profile: Password Setting • Drop the profile using DROP PROFILE command • DEFAULT profile cannot be dropped • CASCADE revokes the profile from the user to whom it was assigned DROP PROFILE developer_prof; DROP PROFILE developer_prof CASCADE;... sessions allowed for each username CONNECT_TIME Elapsed connect time measured in minutes IDLE_TIME Periods of inactive time measured in minutes LOGICAL_READS_PER _SESSION Number of data blocks (physical and logical reads) PRIVATE_SGA 14-23 Description Private space in the SGA measured in bytes (for Shared Server only) Copyright © Oracle Corporation, 2002 All rights reserved Setting Resource Limits at . 14
Copyright © Oracle Corporation, 2002. All rights reserved.
Managing Password Security
and Resources
14-2
Copyright © Oracle Corporation, 2002. All rights. rights reserved.
User
Password
expiration
and aging
Password
verification
Password
history
Account
locking
Setting up
profiles
Password Management
14-6
Copyright
Ngày đăng: 06/03/2014, 17:20
Xem thêm: Managing Password Security and Resources pot, Managing Password Security and Resources pot