0
点赞
收藏
分享

微信扫一扫

数据链路层(四)---PPP协议的工作状态

场景:云上的一个测试用数据库环境,默认启用了复杂度验证。

我的示例用户是ssb,但是过了一段时间,口令过期了,需要重置口令。

我想重用第一次设置的复杂口令,但报错如下:

[oracle@xy23ai ~]$ sqlplus ssb/****@orclpdb1

SQL*Plus: Release 23.0.0.0.0 - for Oracle Cloud and Engineered Systems on Wed Dec 4 07:53:22 2024
Version 23.5.0.24.07

Copyright (c) 1982, 2024, Oracle.  All rights reserved.

ERROR:
ORA-28001: The account has expired. The password must be changed.
Help: https://docs.oracle.com/error-help/db/ora-28001/


Changing password for ssb
New password: <这里输入的是第一次设置的复杂口令>
Retype new password: <同上>
ERROR:
ORA-28007: The password cannot be reused.
Help: https://docs.oracle.com/error-help/db/ora-28007/


Password unchanged
Enter user-name:

其实禁用口令复杂度验证就一条命令,但我说下过程。

因为口令复杂度函数是和profile关联的,所以我需要查下ssb用户使用的profile:

SQL> select profile from dba_users where username = 'SSB';

PROFILE
--------------------------------------------------------------------------------
DEFAULT

结果显示是默认的profile:DEFAULT。然后查询此profile的限制,只查口令相关的:

select resource_name, limit from dba_profiles where profile = 'DEFAULT' and resource_type = 'PASSWORD'

RESOURCE_NAME                    LIMIT                                   
-------------------------------- ----------------------------------------
FAILED_LOGIN_ATTEMPTS            3                                       
PASSWORD_REUSE_MAX               5                                       
PASSWORD_VERIFY_FUNCTION         ORA12C_STRONG_VERIFY_FUNCTION           
PASSWORD_LIFE_TIME               60                                      
PASSWORD_REUSE_TIME              365                                     
PASSWORD_LOCK_TIME               1                                       
PASSWORD_GRACE_TIME              7                                       
INACTIVE_ACCOUNT_TIME            365                                     
PASSWORD_ROLLOVER_TIME           0                                       

9 rows selected. 

结果显示口令验证函数为ORA12C_STRONG_VERIFY_FUNCTION。

数据库支持哪几种口令验证函数,可以查询以下文件:

$ grep 'create or replace function' $ORACLE_HOME/rdbms/admin/catpvf.sql
create or replace function ora_complexity_check
create or replace function ora_string_distance
create or replace function ora12c_strong_verify_function
create or replace function ora12c_stig_verify_function

禁用口令验证函数并确认:

SQL> ALTER PROFILE DEFAULT LIMIT PASSWORD_VERIFY_FUNCTION NULL;

Profile altered.

SQL> select resource_name, limit from dba_profiles where profile = 'DEFAULT' and resource_type = 'PASSWORD' and resource_name = 'PASSWORD_VERIFY_FUNCTION'

RESOURCE_NAME                    LIMIT                                   
-------------------------------- ----------------------------------------
PASSWORD_VERIFY_FUNCTION         NULL      

这一次,重用之前的口令就成功了:

[oracle@xy23ai ~]$ sqlplus ssb/****@orclpdb1

SQL*Plus: Release 23.0.0.0.0 - for Oracle Cloud and Engineered Systems on Wed Dec 4 08:13:50 2024
Version 23.5.0.24.07

Copyright (c) 1982, 2024, Oracle.  All rights reserved.

ERROR:
ORA-28001: The account has expired. The password must be changed.
Help: https://docs.oracle.com/error-help/db/ora-28001/


Changing password for ssb
New password: <这里输入的是第一次设置的复杂口令>
Retype new password: <同上>
Password changed

Connected to:
Oracle Database 23ai EE Extreme Perf Release 23.0.0.0.0 - for Oracle Cloud and Engineered Systems
Version 23.5.0.24.07

参考

  • Security Guide: 3.2.6 Managing the Complexity of Passwords
举报

相关推荐

0 条评论