I have an oracle DB user in DBA_USERS table whose password is expiring in some future date.
I want to change the Profile of the user to the one which has non-expiring password.
If I Alter the profile of the user to the non expiring one, does the expiry date which was there in the DBA_USERS table for this user previously before altering the profile have any effect ?
Should i update the value in the expiry date column in DBA_USERS also to null.
Whenever password expiration date is created in the oracle for any user, it will not changed if you change the profile of the user.
Password expiration date is updated when you change the password of the user and new password expiration date is set according to the profile assigned to the user.
So you must have to perform following steps in order.
Assign the profile with non expiring password to the user.
Change the password of the user.(same or different password according to your requirement)
Then next password expiration date is changed according to new profile and that will be null/non expiring/unlimited
Related
I'm working on a website where a user is only allowed to have a single signed-in session. If a user attempts to authenticate to the website from more than one location the prior session is logged out.
The session information for a given user will be stored in Redis.
My current implementation uses two Redis databases. The first database stores session ID as the key and username as the value. The second database stores the username as the key and some other information including session ID as the value.
When a user logs in, the second Redis database is queried to find an existing session ID. If found, the old session is deleted, this would essentially force the user's old session to log out. After the old session is removed, we create another session in the first database and update the value of the session ID in the second database using the username as the key.
Here is a demonstration of this behavior using the "redis-cli":
redis-cli
select 2
get username
The website gets the session ID of the previous session and then generates a new session ID...
redis-cli
select 1
del old_session_id
set new_session_id username
select 2
set username new_session_id
This works, but I want to optimize it. In this solution, the website would query Redis twice because we have to get the old session id and delete it.
My question is: Can we combine the two queries?
My challenge is how to read the command get username result and automatically run del old_session_id against the Redis database.
Can anybody help me?
According to the SET documentation, you can add the GET option to write a key and get its old value. I would use this on database 2 first. If it returns an old session id, you can use RENAME to change the key name. If it doesn't return an old session id, you can just use another SET.
You should be able to get your setup to work with something like this:
redis-cli
select 2
set username new_session_id get
If that command returns a value, run this:
redis-cli
select 1
rename old_session_id new_session_id
If it does not return a value, run this:
redis-cli
select 1
set new_session_id username
I have created the following query to check the status on the PASSWORD_LIFE_TIME field from dba_profiles table.
How I ensured that the password never expires was to do this. Is the alter profile query correct?
ALTER PROFILE my_profile LIMIT PASSWORD_LIFE_TIME UNLIMITED;
select du.USERNAME,du.profile, dp.LIMIT
from dba_users du
left outer join dba_profiles dp on dp.PROFILE = du.PROFILE
where du.USERNAME = 'SYSTEM' and resource_name LIKE 'PASSWORD_LIFE_TIME';
The alter profile query is correct. The password for the profile my_profile never expires due to password life time. You need to assign the profile my_profile to the user system with alter user system profile my_profile;
I was looking into oracle database 11gR2 to verify the users who's days to expire comes to below 7 days and i have noticed few of the users expiry date are today but their account status is in open instead of Expired(Grace) and some users which passed the expiry date but still in open status.
USERNAME ACCOUNT_STATUS EXPIRY_DA PROFILE
------------------------------ -------------------------------- --------- ------------------------------
SYSTEM OPEN 27-JAN-16 DEFAULT
SYS OPEN 28-DEC-14 DEFAULT
ERERD OPEN 18-JAN-16 DEFAULT
ERFWSE OPEN 04-DEC-14 DEFAULT
SERFW OPEN 03-AUG-15 DEFAULT
DERSZFERSS OPEN 04-DEC-14 DEFAULT
My query is not helping in this case to find the users whose account will be expired. Can anyone help me with modifing the query such a way that it will only list out the users and their accounts genuinely will expiry by number of days?
select username, account_status, trunc(expiry_date-sysdate) days_to_expire
from dba_users
where expiry_date is not null and trunc(expiry_date-sysdate) >= 0;
Update
SQL> select * from dba_profiles where profile = 'DEFAULT' and resource_name = 'PASSWORD_LIFE_TIME';
PROFILE RESOURCE_NAME RESOURCE LIMIT
------------------------------ -------------------------------- -------- ----------------------------------------
DEFAULT PASSWORD_LIFE_TIME PASSWORD 180
Your query is allright.
Password expiration date and account status are different things.
You can have an expired password user that will stay in open status while you try to connect to it.
If you have permission to change password you can then set a new password,
otherwise the user will be locked.
This means that if you're connecting with an application and the application doesn't check password expiration date the user will be locked
and if there isn't a connection the user will stay open.
There is no process that goes through accounts to reset their status vis a vis expiry date. The next time the user logs in the status will be updated accordingly
~~~H Otati
Currently i am using SQL Express edition 2012. I want to set sa account password as NULL (empty password). I can set the password as NULL and i can login with that. but after 3 hours password resets and then i cant login with null password.
Anyone can help how to disable the automatically reset password or how to increase the reset time. Thanks in Advance...
You will need to uncheck the "Check Password Policy" of the sa account or do something like the statement below.
ALTER LOGIN [sa] WITH CHECK_POLICY=OFF
The sa account by default enables the password policy enforcement which by design prevents null or empty passwords.
For more info: http://msdn.microsoft.com/en-IN/library/ms161959.aspx
As a side note, not sure why you want to disable policy enforcement on sa account. Best practice is usually just to disable the account altogether.
This question already has answers here:
How do I turn off Oracle password expiration?
(6 answers)
Closed 9 years ago.
There is some construction
ALTER USER scott PASSWORD EXPIRE
But how can I similair set password to unexpired state?
The following statement causes a user's password to expire:
ALTER USER user PASSWORD EXPIRE;
If you cause a database user's password to expire with PASSWORD EXPIRE, then the user (or the DBA) must change the password before attempting to log in to the database following the expiration. Tools such as SQL*Plus allow the user to change the password on the first attempted login following the expiration.
ALTER USER scott IDENTIFIED BY password;
Will set/reset the users password.
See the alter user doc for more info
If you create a user using a profile like this:
CREATE PROFILE my_profile LIMIT
PASSWORD_LIFE_TIME 30;
ALTER USER scott PROFILE my_profile;
then you can change the password lifetime like this:
ALTER PROFILE my_profile LIMIT
PASSWORD_LIFE_TIME UNLIMITED;
I hope that helps.
While applying the new profile to the user,you should also check for resource limits are "turned on" for the database as a whole i.e.RESOURCE_LIMIT = TRUE
Let check the parameter value.
If in Case it is :
SQL> show parameter resource_limit
NAME TYPE VALUE
------------------------------------ ----------- ---------
resource_limit boolean FALSE
Its mean resource limit is off,we ist have to enable it.
Use the ALTER SYSTEM statement to turn on resource limits.
SQL> ALTER SYSTEM SET RESOURCE_LIMIT = TRUE;
System altered.