###############################################################################
###### 11g ######
###############################################################################
1、开启密码复杂度验证函数
sqlplus / as sysdba
@?/rdbms/admin/utlpwdmg.sql
alter profile default limit password_life_time unlimited;
ALTER PROFILE DEFAULT LIMIT FAILED_LOGIN_ATTEMPTS UNLIMITED;
alter profile DEFAULT limit PASSWORD_LOCK_TIME UNLIMITED;
alter profile DEFAULT limit PASSWORD_GRACE_TIME UNLIMITED;
2、修改default profile的密码策略(实际上执行utlpwdmg.sql后自动修改PASSWORD_VERIFY_FUNCTION)
alter profile default limit PASSWORD_VERIFY_FUNCTION VERIFY_FUNCTION;
3、新建system profile
create profile SYSTEM_PROFILE limit
PASSWORD_LIFE_TIME 60
PASSWORD_GRACE_TIME 90
PASSWORD_REUSE_MAX 5
PASSWORD_REUSE_TIME 60
PASSWORD_VERIFY_FUNCTION VERIFY_FUNCTION;
4、修改sys、system用户profile
alter user sys profile SYSTEM_PROFILE;
alter user system profile SYSTEM_PROFILE;
5、验证
set line 300
col profile for a30
col RESOURCE_NAME for a32
col RESOURCE_TYPE for a13
col LIMIT for a30
col COMMON for a8
SELECT * FROM dba_profiles order by profile;
set line 300
col username for a30
col profile for a60
SELECT username,PROFILE FROM dba_users order by created;
###############################################################################
###### 12c ######
###############################################################################
1、开启密码复杂度验证函数(CDB和PDB都需要执行下面命令)
sqlplus / as sysdba
@?/rdbms/admin/utlpwdmg.sql
alter profile default limit password_life_time unlimited;
ALTER PROFILE DEFAULT LIMIT FAILED_LOGIN_ATTEMPTS UNLIMITED;
alter profile DEFAULT limit PASSWORD_LOCK_TIME UNLIMITED;
alter profile DEFAULT limit PASSWORD_GRACE_TIME UNLIMITED;
2、修改default profile的密码策略(实际上执行utlpwdmg.sql后自动修改PASSWORD_VERIFY_FUNCTION)
alter profile default limit PASSWORD_VERIFY_FUNCTION ora12c_verify_function;
3、新建system profile(CDB执行)
create profile C##_SYSTEM_PROFILE limit
PASSWORD_LIFE_TIME 60
PASSWORD_GRACE_TIME 90
PASSWORD_REUSE_MAX 5
PASSWORD_REUSE_TIME 60
PASSWORD_VERIFY_FUNCTION ora12c_verify_function;
4、修改sys、system用户profile(CDB执行)
alter user sys profile C##_SYSTEM_PROFILE;
alter user system profile C##_SYSTEM_PROFILE;
5、验证(CDB和PDB都需要验证)
set line 300
col profile for a30
col RESOURCE_NAME for a32
col RESOURCE_TYPE for a13
col LIMIT for a30
col COMMON for a8
SELECT * FROM dba_profiles where profile in ('DEFAULT','C##_SYSTEM_PROFILE') order by profile;
set line 300
col username for a30
col profile for a60
SELECT username,PROFILE FROM dba_users order by created;
ora12c_verify_function:
This function is the new 12c password verify function.
It enforce a similar respectively slightly stronger password complexity as verify_function_11G.
verify_function_11G just checked for DB_NAME or ORACLE with 1 to 100 attached. e.g. oracle1 or oracle83.
With the new function DB_NAME or ORACLE may not be part of the password at all.
The following is verified:
Password at least 8 characters
at least 1 letters
at least 1 digits
must not contain database name
must not contain user name or reverse user name
must not contain oracle
must not be too simple like welcome1
password must differ by at least 3 characters from the old password
ora12c_strong_verify_function:
This function is provided to give stronger password complexity.
It considers recommendations of the Department of Defense Database (STIG) with the following limits.
Password at least 9 characters
at least 2 capital letters
at least 2 small letters
at least 2 digits
at least 2 special characters
password must differ by at least 4 characters from the old password