oracle设置口令期限,[20180316]改变oracle用户口令时限.txt

[20180316]改变oracle用户口令时限.txt

--//昨天看了一篇blog,Stop password for user accounts expiring on Exadata,链接:

--//https://blog.zeddba.com/2018/03/14/stop-password-for-user-accounts-expiring-on-exadata/

--//里面提到oracle用户的口令时限,关于这个问题实际上我已经在以前遭遇到这个问题.直接结果导出

--//cron无法正常运行,自己也做一个记录:

#  chage -l oracle

Last password change                                    : Aug 21, 2015

Password expires                                        : May 16, 2018

Password inactive                                       : never

Account expires                                         : never

Minimum number of days between password change          : 1

Maximum number of days between password change          : 999

Number of days of warning before password expires       : 7

--//实际上我已经修改过1次,要到2018/5/16号到期.

SCOTT@book> select to_date('2015/8/21','yyyy/mm/dd')+999 dd from dual ;

DD

-------------------

2018-05-16 00:00:00

--//正好一致.可以看看grid用户,我没有修改的情况:

#  chage -l grid

Last password change                                    : Oct 10, 2014

Password expires                                        : Jul 05, 2017

Password inactive                                       : never

Account expires                                         : never

Minimum number of days between password change          : 1

Maximum number of days between password change          : 999

Number of days of warning before password expires       : 7

--//可以发现grid用户口令早已经到期.作者提供修改建议:

The manual page for chage explains the switches:

-d, --lastday LAST_DAY

Set the number of days since January 1st, 1970 when the password was last changed. The date may also be expressed in

the format YYYY-MM-DD (or the format more commonly used in your area). If the LAST_DAY is set to 0 the user is forced

to change his password on the next log on.

-E, --expiredate EXPIRE_DATE

Set the date or number of days since January 1, 1970 on which the user's account will no longer be accessible. The date

may also be expressed in the format YYYY-MM-DD (or the format more commonly used in your area). A user whose account is

locked must contact the system administrator before being able to use the system again.

Passing the number -1 as the EXPIRE_DATE will remove an account expiration date.

-m, --mindays MIN_DAYS

Set the minimum number of days between password changes to MIN_DAYS. A value of zero for this field indicates that the

user may change his/her password at any time.

-M, --maxdays MAX_DAYS

Set the maximum number of days during which a password is valid. When MAX_DAYS plus LAST_DAY is less than the current

day, the user will be required to change his/her password before being able to use his/her account. This occurrence can

be planned for in advance by use of the -W option, which provides the user with advance warning.

Passing the number -1 as MAX_DAYS will remove checking a password's validity.

#  chage -d 9999 -E -1 -m 0 -M -1 oracle

#  chage -l oracle

Last password change                                    : May 18, 1997

Password expires                                        : never

Password inactive                                       : never

Account expires                                         : never

Minimum number of days between password change          : 0

Maximum number of days between password change          : -1

Number of days of warning before password expires       : 7

--//这样永远不会到期.感到奇怪的-d参数:

-d, --lastday LAST_DAY

Set the number of days since January 1st, 1970 when the password was last changed. The date may also be expressed in

the format YYYY-MM-DD (or the format more commonly used in your area). If the LAST_DAY is set to 0 the user is forced

to change his password on the next log on.

SCOTT@book> select to_date('1970/1/1','yyyy/mm/dd')+9999 dd from dual ;

DD

-------------------

1997-05-18 00:00:00

--//实际上这些与安全等保相互矛盾的.我不知道我们团队是否知道.其实我上次已经跟实施等保人员讲了这方面问题.

--//我不知道我们团队的开发如何监测与管理的,对于这样的团队真心失望.

--//你要限制口令时限,必须要知道它可能带来的后果.