========phanx.com========
Author: phanx
Updated: 2013-8-2
转载请保留作者信息
=========================
Oracle 数据库从11g开始,用户默认有180天口令过期的策略。因此,没有修改口令策略的用户很容易就遇到因为口令过期就被锁定的情况。今天在检查一个11gR1库的用户就发现一个用户已经进入Grace状态了。
由于用户口令是上收了的,不能随便修改,否则会引起应用连接失败,因此必须使用同现有口令一致的口令来修改。
11g和以前版本保存口令密文的表发生了变化,无法直接由
- select username,password from dba_users;
获得口令密文从而使用alter user重置。11g中,如果安装时选择了使用11g新的安全策略,则dba_users中password列是空值,用户密码区分大小写,并使用SHA加密,密文可从 user$ 表中获得。
My Support上在文档 The Impact of PASSWORD_LIFE_TIME Database Profile Parameter Default to 180 Days on Network Charging and Control (文档 ID 1543668.1) 提供了11g口令重置的方法:
-
SQL> select username, profile, account_status from dba_users where username='TEST01';
-
-
USERNAME PROFILE ACCOUNT_STATUS
-
------------------------------ ------------------------------ --------------------------------
-
TEST01 DEFAULT EXPIRED
-
-
SQL> select sqltext from
-
(
-
select name, 'alter user '||name||' identified by values '''||password||''';' sqltext from user$ where spare4 is null and password is not null
-
union
-
select name, 'alter user '||name||' identified by values '''||spare4||';'||password||''';' sqltext from user$ where spare4 is not null and password is not null
-
) where name = 'TEST01';
-
-
SQLTEXT
-
-----------------------------------------------------------------------------------------------------------------------------------------------------------
-
alter user TEST01 identified by values 'S:E4B813A6492A9810B4BEAC8FB16714EFB5E6692E80E0F6EF6522F82BA818;6894B93C1D1CA343';
-
-
SQL> --Copy & Paste the previous SQLTEXT in the next SQL transaction.
-
SQL> alter user TEST01 identified by values 'S:E4B813A6492A9810B4BEAC8FB16714EFB5E6692E80E0F6EF6522F82BA818;6894B93C1D1CA343';
-
-
SQL> --Now you can verify that the account_status has now been reset to OPEN
-
-
SQL> select username, profile, account_status from dba_users where username='TEST01';
-
-
USERNAME PROFILE ACCOUNT_STATUS
-
------------------------------ ------------------------------ --------------------------------
- TEST01 DEFAULT OPEN