FAILED_LOGIN_ATTEMPTS part 2
Ref: part 1
I reported this lack of documentation on http://forums.oracle.com/forums/thread.jspa?threadID=330359
Here is my test case (take care, it will create a new db!) :
I reported this lack of documentation on http://forums.oracle.com/forums/thread.jspa?threadID=330359
Here is my test case (take care, it will create a new db!) :
SQL> startup force quiet nomount;
ORACLE instance started.
SQL> create database controlfile reuse extent management
local default tablespace users default temporary tablespace temp
undo tablespace undotbs1;
Database created.
SQL> @?/rdbms/admin/catalog
SQL> @?/rdbms/admin/catproc
SQL> col username for a10
SQL> col PROFILE for a7
SQL> col LIMIT for a12
SQL> select username, profile, limit from dba_users join
dba_profiles using (profile)
where resource_name='FAILED_LOGIN_ATTEMPTS';
USERNAME PROFILE LIMIT
---------- ------- ------------
SYSTEM DEFAULT 10
SYS DEFAULT 10
TSMSYS DEFAULT 10
DIP DEFAULT 10
DBSNMP DEFAULT 10
OUTLN DEFAULT 10
9 Comments:
Does this mean that the policy violation recommendation for DBSNMP in 10.2: "Oracle recommends changing the parameter FAILED_LOGIN_ATTEMPTS in user profiles to no more than 10" should be ignored because it is already the case?
Ren
well, it is still a recommendation to not change the default to something less than 10 ;-)
For Oracle10gAS, would you recommend changing this parameter simply to avoid the alert from Grid Control? As you mentioned, the implication is that the account could be locked, and the whole system will be halted. One example is user 'ORASSO' ...
> the implication is that the account
> could be locked, and the whole
> system will be halted. One example
> is user 'ORASSO' ...
well, this is all about security. on the one hand you protect your data, on the other hand a process/user trying to log in with a wrong password is reducing the availability.
up to you...
Laurent,
Do you know if the failed attempts are 10 in a row or just 10 cumulatively?
Thanks.
10 in a row
SQL> grant create session to x identified by x;
Grant succeeded.
SQL> connect x/x
Connected.
SQL> connect x/y
ERROR:
ORA-01017: invalid username/password; logon denied
Warning: You are no longer connected to ORACLE.
SQL> connect x/y
ERROR:
ORA-01017: invalid username/password; logon denied
SQL> connect x/y
ERROR:
ORA-01017: invalid username/password; logon denied
SQL> connect x/y
ERROR:
ORA-01017: invalid username/password; logon denied
SQL> connect x/y
ERROR:
ORA-01017: invalid username/password; logon denied
SQL> connect x/y
ERROR:
ORA-01017: invalid username/password; logon denied
SQL> connect x/y
ERROR:
ORA-01017: invalid username/password; logon denied
SQL> connect x/y
ERROR:
ORA-01017: invalid username/password; logon denied
SQL> connect x/x
Connected.
SQL> connect x/y
ERROR:
ORA-01017: invalid username/password; logon denied
Warning: You are no longer connected to ORACLE.
SQL> connect x/y
ERROR:
ORA-01017: invalid username/password; logon denied
SQL> connect x/y
ERROR:
ORA-01017: invalid username/password; logon denied
SQL> connect x/y
ERROR:
ORA-01017: invalid username/password; logon denied
SQL> connect x/y
ERROR:
ORA-01017: invalid username/password; logon denied
SQL> connect x/y
ERROR:
ORA-01017: invalid username/password; logon denied
SQL> connect x/y
ERROR:
ORA-01017: invalid username/password; logon denied
SQL> connect x/x
Connected.
SQL> connect x/y
ERROR:
ORA-01017: invalid username/password; logon denied
Warning: You are no longer connected to ORACLE.
SQL> connect x/y
ERROR:
ORA-01017: invalid username/password; logon denied
SQL> connect x/y
ERROR:
ORA-01017: invalid username/password; logon denied
SQL> connect x/y
ERROR:
ORA-01017: invalid username/password; logon denied
SQL> connect x/y
ERROR:
ORA-01017: invalid username/password; logon denied
SQL> connect x/y
ERROR:
ORA-01017: invalid username/password; logon denied
SQL> connect x/y
ERROR:
ORA-01017: invalid username/password; logon denied
SQL> connect x/y
ERROR:
ORA-01017: invalid username/password; logon denied
SQL> connect x/y
ERROR:
ORA-01017: invalid username/password; logon denied
SQL> connect x/y
ERROR:
ORA-01017: invalid username/password; logon denied
SQL> connect x/x
ERROR:
ORA-28000: the account is locked
Is there a counter to see how many failed login attempts are made for an account?
select name,lcount from user$
Thanx
Guido
Post a Comment
<< Home