¡¡¡¡µ«ÊÇ£¬¾¹ý²âÊÔ£¬·¢ÏÖOracleµÄADMINISTRATOR GUIDEÀïÃæµÄÃèÊöÊÇ´íÎóµÄ£¬ÎÒ²éÔÄÁËÒ»ÏÂMETALINK£¬METALINKÉϵÄһƪÎÄÕÂËäÈ»¶ÔÕâÁ½¸ö²ÎÊý½øÐÐÁ˱ȽÏÏêϸµÄ˵Ã÷£¬µ«ÊÇÈÔÈ»ÓÐÒ»²¿·ÖÃèÊöÊÇ´íÎó¡£
¡¡¡¡PASSWORD_REUSE_TIMEÊÇÖØÓÃÃÜÂëµÄ×îСʱ¼ä¼ä¸ô£¬µ¥Î»ÊÇÌì¡£¿ÉÒÔ¸ø³öÕûÊý»ò·ÖÊý£¬Èç1/1440±íʾ1·ÖÖÓ£¨³öÓÚЧÂʵĿ¼ÂÇ£¬oracle²»»áÿ·ÖÖÓ¶¼È¥½øÐмì²é£¬Ò»°ãÀ´Ëµ£¬ÓÐ5·ÖÖÓ×óÓÒµÄÎó²î£¬Òò´ËÈç¹ûÕâ¸öÊýСÓÚ1/144ÔòûÓжà´óµÄÒâÒ壩¡£
¡¡¡¡PASSWORD_REUSE_MAXÊÇÖØÓÃÃÜÂëÇ°¸ü»»ÃÜÂëµÄ×îС´ÎÊý¡£ÕâÁ½Ïî±¾ÉíûÓÐÈκÎÒìÒ飬¹Ø¼üÊÇÁ½ÏîÈçºÎÅäºÏʹÓ᣿ÉÒÔ·ÖΪ3ÖÖÇé¿ö½øÐÐÃèÊö£º
Ò»¡¢PASSWORD_REUSE_MAXºÍPASSWORD_REUSE_TIME¶¼ÎªUNLIMITED
¡¡¡¡ÕâʱÃÜÂë¿ÉÒÔÈÎÒâÖØÓã¬Ã»ÓÐÏÞÖÆÕâÒ²ÊÇDEFAULT profileµÄĬÈÏÖµ¡£µ±ÕâÁ½ÏΪUNLIMITEDʱ£¬ÈÏΪÕâÁ½¸ö²ÎÊýûÓÐʹÓã¬Òò´Ë£¬ÃÜÂëÖØÓÃûÓÐÈκÎÏÞÖÆ¡£
ÒýÓÃ:SQL> create profile prof_test limit password_reuse_max unlimited
2password_reuse_time unlimited;
ÅäÖÃÎļþÒÑ´´½¨
SQL> create user test identified by test profile prof_test;
Óû§ÒÑ´´½¨
SQL> alter user test identified by test;
Óû§ÒѸü¸Ä¡£
SQL> alter user test identified by test;
Óû§ÒѸü¸Ä¡£
¶þ¡¢PASSWORD_REUSE_MAXºÍPASSWORD_REUSE_TIMEÖÐÓÐÒ»¸öΪUNLIMITED£¬ÁíÒ»¸öΪÆäËûÖµ¡£
¡¡¡¡Õâ¸öʱºòÄãµÄÃÜÂ뽫ÓÀÔ¶ÎÞ·¨ÖØÓá£
¡¡¡¡¿´¿´administrator guideÉÏÊÇÔõô˵µÄ£º
ÒýÓÃ:Use the CREATE PROFILE statement to specify a time interval during which users
cannot reuse a password. In the following statement, a profile is defined where
the PASSWORD_REUSE_TIME clause specifies that the user cannot reuse the
password
for 60 days.
CREATE PROFILE prof LIMIT
PASSWORD_REUSE_TIME 60
PASSWORD_REUSE_MAX UNLIMITED;
In the next statement, the PASSWORD_REUSE_MAX clause specifies that the number
of password changes the user must make before the current password can be used
again is three.
CREATE PROFILE prof LIMIT
PASSWORD_REUSE_MAX 3
PASSWORD_REUSE_TIME UNLIMITED;
Note: If you specify PASSWORD_REUSE_TIME or PASSWORD_REUSE_MAX, you must set
the other to UNLIMITED or not specify it at all.
¡¡¡¡Îĵµ¸æËßÎÒÃÇ£¬Ö»Ê¹ÓÃÆäÖÐÒ»¸ö£¬°ÑÁíÍâÒ»¸öÉèÖÃΪUNLIMITED£¬µ«ÊÇÕâÊDz»ÕýÈ·µÄ£¬ÕâÑù»áµ¼ÖÂÄãµÄÃÜÂëÓÀÔ¶ÎÞ·¨ÖØÓá£
ÒýÓÃ:SQL> alter profile prof_test limit password_reuse_max 3;
ÅäÖÃÎļþÒѸü¸Ä
SQL> select resource_name, limit from dba_profiles
2where profile = 'PROF_TEST' and resource_type = 'PASSWORD';
RESOURCE_NAMELIMIT
-------------------------------- ----------------------------------------
FAILED_LOGIN_ATTEMPTSDEFAULT
PASSWORD_LIFE_TIMEDEFAULT
PASSWORD_REUSE_TIMEUNLIMITED
PASSWORD_REUSE_MAX3
PASSWORD_VERIFY_FUNCTIONDEFAULT
PASSWORD_LOCK_TIMEDEFAULT
PASSWORD_GRACE_TIMEDEFAULT
ÒÑÑ¡Ôñ7ÐС£
SQL> alter user test identified by test;
Óû§ÒѸü¸Ä¡£
SQL> alter user test identified by test;
alter user test identified by test
*
ERROR λÓÚµÚ 1 ÐÐ:
ORA-28007: ÎÞ·¨ÖØÐÂʹÓÿÚÁî
SQL> alter user test identified by t1;
Óû§ÒѸü¸Ä¡£
SQL> alter user test identified by t2;
Óû§ÒѸü¸Ä¡£
SQL> alter user test identified by t3;
Óû§ÒѸü¸Ä¡£
SQL> alter user test identified by test;
alter user test identified by test
*
ERROR λÓÚµÚ 1 ÐÐ:
ORA-28007: ÎÞ·¨ÖØÐÂʹÓÿÚÁî
¡¡¡¡ÐÞ¸Äprofileºó£¬Ö»¶ÔtestÓû§µÄºóÐø²Ù×÷ÓÐЧ£¬µÚÒ»´Î¿ÉÒÔÐÞ¸ÄÃÜÂëΪtestÊÇÒòΪoracleûÓмǼ³õʼÃÜÂ룬¶øµÚ¶þ´ÎÐ޸ľͻáʧ°Ü£¬ÒòΪÃÜÂëÒѾ²»ÄÜÖØÓÃÁË¡£
¡¡¡¡¸ù¾ÝÎĵµ£¬ÎÒÃÇÖ»ÐèÒªÐÞ¸ÄÃÜÂëÈý´Î£¬¾Í¿ÉÒÔÖØÓ㬵«ÊDzâÊԵĽá¹ûÈ·ÊÇÃÜÂëÎÞ·¨ÔÚÖØÓá£
ÒýÓÃ:SQL> alter profile prof_test limit password_reuse_max unlimited;
ÅäÖÃÎļþÒѸü¸Ä
SQL> alter user test identified by test;
Óû§ÒѸü¸Ä¡£
SQL> alter profile prof_test limit password_reuse_time 1/144;
ÅäÖÃÎļþÒѸü¸Ä
SQL> select resource_name, limit from dba_profiles
2where profile = 'PROF_TEST' and resource_type = 'PASSWORD';
RESOURCE_NAMELIMIT
-------------------------------- ----------------------------------------
FAILED_LOGIN_ATTEMPTSDEFAULT
PASSWORD_LIFE_TIMEDEFAULT
PASSWORD_REUSE_TIME.0069
PASSWORD_REUSE_MAXUNLIMITED
PASSWORD_VERIFY_FUNCTIONDEFAULT
PASSWORD_LOCK_TIMEDEFAULT
PASSWORD_GRACE_TIMEDEFAULT
ÒÑÑ¡Ôñ7ÐС£
SQL> set time on
16:47:29 SQL> alter user test identified by test;
alter user test identified by test
*
ERROR λÓÚµÚ 1 ÐÐ:
ORA-28007: ÎÞ·¨ÖØÐÂʹÓÿÚÁî
16:47:48 SQL>
16:48:23 SQL>
16:59:45 SQL> alter user test identified by test;
alter user test identified by test
*
ERROR λÓÚµÚ 1 ÐÐ:
ORA-28007: ÎÞ·¨ÖØÐÂʹÓÿÚÁî
16:59:59 SQL>
17:07:32 SQL> alter user test identified by test;
alter user test identified by test
*
ERROR λÓÚµÚ 1 ÐÐ:
ORA-28007: ÎÞ·¨ÖØÐÂʹÓÿÚÁî
17:07:40 SQL> set time off
¡¡¡¡ÐÞ¸ÄPASSWORD_REUSE_TIMEΪ1/144£¬Ò²¾ÍÊÇ˵´ó¸Å10·ÖÖÓµÄʱ¼ä£¬¿¼ÂǵÄoracleµÄÎó²î£¬ÎÒÃÇÔÚ10·ÖÖÓºÍ20·ÖÖÓºó·Ö±ð½øÐвâÊÔ¡£½á¹û·¢ÏÖÃÜÂëÈÔÈ»ÎÞ·¨ÖØÓá£
Èý¡¢PASSWORD_REUSE_MAXºÍPASSWORD_REUSE_TIME¶¼²»ÎªUNLIMITED¡£
¡¡¡¡ÕâʱֻÐèÂú×ãÈÎÒâÒ»¸öÌõ¼þ¾Í¿ÉÒÔÖØÓÃÃÜÂë
¡¡¡¡MetalinkÉϵÄÎÄÕÂÔÚÕâÀïÃèÊöÓÐÎó£¬ÃÜÂëÖØÓò»ÐèҪͬʱÂú×ãÁ½¸öÌõ¼þ£¬Ö»ÒªÂú×ãÒ»¸ö¼È¿É¡£
ÒýÓÃ:SQL> alter profile prof_test limit password_reuse_time unlimited;
ÅäÖÃÎļþÒѸü¸Ä
SQL> alter user test identified by test;
Óû§ÒѸü¸Ä¡£
SQL> alter profile prof_test limit
2password_reuse_max 3 password_reuse_time 1/144;
ÅäÖÃÎļþÒѸü¸Ä
SQL> set time on
17:11:30 SQL> alter user test identified by test;
Óû§ÒѸü¸Ä¡£
17:11:47 SQL> alter user test identified by test;
alter user test identified by test
*
ERROR λÓÚµÚ 1 ÐÐ:
ORA-28007: ÎÞ·¨ÖØÐÂʹÓÿÚÁî
17:11:56 SQL> alter user test identified by t1;
Óû§ÒѸü¸Ä¡£
17:12:06 SQL> alter user test identified by t2;
Óû§ÒѸü¸Ä¡£
17:12:12 SQL> alter user test identified by t3;
Óû§ÒѸü¸Ä¡£
17:12:19 SQL> alter user test identified by test;
Óû§ÒѸü¸Ä¡£
17:12:50 SQL>
17:13:45 SQL> alter user test identified by test;
alter user test identified by test
*
ERROR λÓÚµÚ 1 ÐÐ:
ORA-28007: ÎÞ·¨ÖØÐÂʹÓÿÚÁî
17:13:55 SQL>
17:14:00 SQL>
17:32:14 SQL> alter user test identified by test;
Óû§ÒѸü¸Ä¡£
¡¡¡¡µÚÒ»´ÎÖØÓÃtestÃÜÂë²Å¹ýÁË1·ÖÖÓ×óÓÒ£¬¶øÔÚµÚ¶þ´ÎÖØÓÃtestÃÜÂë֮ǰ²¢Ã»ÓÐʹÓùýÆäËûÃÜÂë¡£¿É¼û£¬Ö»ÐèÂú×ãPASSWORD_REUSE_MAXºÍPASSWORD_REUSE_TIMEÖеÄÈÎÒâÒ»¸öÌõ¼þ¾Í¿ÉÒÔ¡£