[1778269 views]

[]

Odi's astoundingly incomplete notes

New entries | Code

Disable Oracle's password expiry

 Unlike older releases, Oracle 11g sets password expiry by default. That's really annyoing
So let's get rid of these annoyances with:
ALTER PROFILE DEFAULT LIMIT
  FAILED_LOGIN_ATTEMPTS UNLIMITED
  PASSWORD_LIFE_TIME UNLIMITED;
And also let's turn off the default auditing:
NOAUDIT ALL;
DELETE FROM SYS.AUD$;


posted on 2008-10-03 18:26 UTC in Code | 14 comments | permalink
You have my vote on that one, managing SAP systems where no one ever physically signs on as the schema owner. Just used by SAP to connect using an encrypted password in a table.
First anyone knows there is a problem is when the SAP system stops.

Pain in the proverbial.

Brian Jones
Hold on... SAP is not a database.

Since you are talking about applications, Oracle Applications uses the same scheme you mentioned for passwords as in SAP (at the application level).
create a new profile that is set as you want it to be and assign the application and system users to that profile. Then you can configure the default pofile to enforce password management standards for end users. I've been doing his since v8i.
kbork
Agree SAP is not a database but it connects to Oracle with a standard user which if it has expiry set no one will know the pw has expired until the user is locked because no one will see the warnings and then SAP stops.
Brian
Oh, thank you so much. This really got us in trouble. What a stupid idea!
Although the language may be disputable the facts are stated in the clearest of manners.

Thanks very much

Thanassis
I shout out the one word. Hell yeah, thats what im searched for a long time. It solved exactly that Problem for my PeopleSoft Appservers.

Thanxs Man

Regards Zoebi
interesting: I'm not SAP experienced, instead PeopleSoft. But from this thread SAP implements "users" in a similar if not identical manner as peoplesoft. That is to say Users are defined within the APPLICATION, not at the oracle user level.

Oracl User 'people' is used to validate a peoplesoft user id... And then and only then is the peoplesoft user connect id switched over to the oracle account that actually owns the application and program code tables.

In short, apparently just like SAP, application users are never setup as oracle users.

And when the people id expires, etc, then all background processing most definitely croaks and with very misleading error information
I just spent a day trying to figure out why my app wouldn't run. Finally found that the Db user could not log on, app is like SAP where it uses a default user for the Db where users are controlled at app level. I hate it when vendors start making rules for you, where the rule was there if you wanted to use it. Windows does this stuff as well, drives me nuts.
Thanks for the info!
thanks for the very helpful post! =D
Thanks for this post!!
Thanks,
JerryQ
Thanks! V2Aso
Thanks,Very helpful post :)