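Steps to create the password complexity verification function for PASSWORD_VERIFY_FUNCTION in Oracle 11gR2
Test environment: database server running Oracle Linux 5.8 with an Oracle 11g R2 database
Tools: PL/SQL software (to connect to the Oracle database on Linux) and SecureCRT (to connect remotely to the Linux server)
Detailed steps:
1. Connect to the Linux database server, switch to the Oracle database user's desktop, open a terminal, and change into the directory given by the environment variable $ORACLE_HOME (Linux主机名 in the prompts below is a placeholder for the server's host name)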
Last login: Fri Dec 11 13:26:18 2015 from 192.168.1.100
[root@Linux主机名 ~]# su - oracle
[oracle@Linux主机名 dbhome_1]$ cd $ORACLE_HOME/rdbms/admin
[oracle@Linux主机名 admin]$
2. View the default password complexity function script shipped with the Oracle 11g database (the file /rdbms/admin/utlpwdmg.sql under the Oracle installation directory)
[oracle@Linux主机名 admin]$ cat $ORACLE_HOME/rdbms/admin/utlpwdmg.sql
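The full contents of the script are given at the end of this article.
3. Log in to the Oracle database and run the default password complexity function script shipped with the Oracle 11g database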
[oracle@Linux主机名 admin]$ sqlplus /nolog
SQL*Plus: Release 11.2.0.1.0 Production on Fri Dec 11 13:33:58 2015
Copyright (c) 1982, 2009, Oracle. All rights reserved.
SQL> conn /as sysdba
Connected.
SQL> @?/rdbms/admin/utlpwdmg.sql
Function created.
Profile altered.
Function created.
SQL>
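4. Create the user's resource profile in PL/SQL by executing the statement below (资源文件名 is a placeholder for the profile name)
CREATE PROFILE 资源文件名 LIMIT
SESSIONS_PER_USER UNLIMITED
CPU_PER_SESSION UNLIMITED
CPU_PER_CALL UNLIMITED
CONNECT_TIME UNLIMITED
IDLE_TIME 600 --the system disconnects the session automatically after 10 hours of continuous inactivity
LOGICAL_READS_PER_SESSION UNLIMITED
LOGICAL_READS_PER_CALL UNLIMITED
COMPOSITE_LIMIT UNLIMITED
PRIVATE_SGA UNLIMITED
FAILED_LOGIN_ATTEMPTS 10 --number of failed logins before the user is locked is 10; beyond 10 the account is locked automatically
PASSWORD_LIFE_TIME 180 --number of days the same password may be used is 180
PASSWORD_REUSE_TIME UNLIMITED
PASSWORD_REUSE_MAX UNLIMITED
PASSWORD_LOCK_TIME 1 --number of days the user stays locked is 1
PASSWORD_GRACE_TIME 10 --grace period in days between the database warning and the login being refused
PASSWORD_VERIFY_FUNCTION verify_function_11G;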
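5. Test changing a user's password (用户名, 密码, 默认表空间名, 临时表空间名 and 资源文件名 are placeholders for the user name, password, default tablespace name, temporary tablespace name and profile name)
--create the user and assign the custom profile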
create user 用户名 identified by 密码 default tablespace 默认表空间名 temporary tablespace 临时表空间名 profile 资源文件名;
--grant privileges to the user
grant connect,resource,exp_full_database,imp_full_database to 用户名;
--change the user's password to a simple string
alter user 用户名 identified by 123456;
--change the user's password to a complex string
alter user 用户名 identified by Csdn_20151211;
6. Conclusion: the simple password cannot be set, while the complex password is set successfully.
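The following check is an added example, not part of the original article or of Oracle's script: it confirms from the data dictionary which profiles actually enforce a verify function and which open accounts are not covered by one. It assumes a session with access to the DBA_PROFILES, DBA_USERS and DBA_OBJECTS views (for example after conn /as sysdba).

```sql
-- Added example: audit PASSWORD_VERIFY_FUNCTION coverage after the steps above.

-- 1. Password-related limits of every profile. A LIMIT of 'DEFAULT' means
--    the value is inherited from the DEFAULT profile; 'NULL' means no
--    verify function is enforced.
SELECT profile, resource_name, limit
  FROM dba_profiles
 WHERE resource_type = 'PASSWORD'
 ORDER BY profile, resource_name;

-- 2. Open accounts whose effective verify function is 'NULL', resolving
--    'DEFAULT' through the DEFAULT profile. Any row returned is an account
--    that can still be given a password such as 123456.
SELECT u.username,
       u.profile,
       DECODE(p.limit, 'DEFAULT', d.limit, p.limit) AS effective_verify_function
  FROM dba_users u
  JOIN dba_profiles p
    ON p.profile = u.profile
   AND p.resource_name = 'PASSWORD_VERIFY_FUNCTION'
  JOIN dba_profiles d
    ON d.profile = 'DEFAULT'
   AND d.resource_name = 'PASSWORD_VERIFY_FUNCTION'
 WHERE u.account_status = 'OPEN'
   AND DECODE(p.limit, 'DEFAULT', d.limit, p.limit) = 'NULL'
 ORDER BY u.username;

-- 3. The verify functions must exist in the SYS schema and be VALID;
--    an INVALID function makes every password change under the profile fail.
SELECT object_name, status, last_ddl_time
  FROM dba_objects
 WHERE owner = 'SYS'
   AND object_type = 'FUNCTION'
   AND object_name LIKE 'VERIFY_FUNCTION%'
 ORDER BY object_name;
```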
Appendix: contents of the $ORACLE_HOME/rdbms/admin/utlpwdmg.sql script source file
Rem
Rem $Header: utlpwdmg.sql 02-aug-2006.08:18:05 asurpur Exp $
Rem
Rem utlpwdmg.sql
Rem
Rem Copyright (c) 2006, Oracle. All rights reserved.
Rem
Rem NAME
Rem utlpwdmg.sql - script for Default Password Resource Limits
Rem
Rem DESCRIPTION
Rem This is a script for enabling the password management features
Rem by setting the default password resource limits.
Rem
Rem NOTES
Rem This file contains a function for minimum checking of password
Rem complexity. This is more of a sample function that the customer
Rem can use to develop the function for actual complexity checks that the
Rem customer wants to make on the new password.
Rem
Rem MODIFIED (MM/DD/YY)
Rem asurpur 05/30/06 - fix - 5246666 beef up password complexity check
Rem nireland 08/31/00 - Improve check for username=password. #1390553
Rem nireland 06/28/00 - Fix null old password test. #1341892
Rem asurpur 04/17/97 - Fix for bug479763
Rem asurpur 12/12/96 - Changing the name of password_verify_function
Rem asurpur 05/30/96 - New script for default password management
Rem asurpur 05/30/96 - Created
Rem
-- This script sets the default password resource parameters
-- This script needs to be run to enable the password features.
-- However the default resource parameters can be changed based
-- on the need.
-- A default password complexity function is also provided.
-- This function makes the minimum complexity checks like
-- the minimum length of the password, password not same as the
-- username, etc. The user may enhance this function according to
-- the need.
-- This function must be created in SYS schema.
-- connect sys/<password> as sysdba before running the script