个人中心
gpt4 book ai didi

oracle - 将Oracle用户帐户状态从EXPIRE(GRACE)更改为OPEN

转载 作者:行者123 更新时间:2023-12-03 12:01:48 28 4
gpt4 key购买 nike

收到消息Your password will be expired with in 7 days后,我将default配置文件的密码过期天数更改为UNLIMITED。但是某些用户的帐户状态仍保留在EXPIRE(GRACE)中。

是否可以在不重置密码的情况下将Oracle用户帐户状态从EXPIRE(GRACE)更改为OPEN

最佳答案

不,您不能在不重置密码的情况下直接将帐户状态从EXPIRE(GRACE)更改为OPEN。

documentation说:

If you cause a database user's password to expire with PASSWORD EXPIRE, then the user (or the DBA) must change the password before attempting to log into the database following the expiration.



但是,您可以通过将用户的密码哈希值重置为现有值来间接将状态更改为“打开”。不幸的是,将密码哈希设置为自身具有以下复杂性,并且几乎所有其他解决方案都至少忽略了以下问题之一:
  • 不同版本的Oracle使用不同类型的哈希。
  • 用户的个人资料可能会阻止重复使用密码。
  • 配置文件限制可以更改,但是我们必须在最后更改这些值。
  • 概要文件值并非易事,因为如果该值为DEFAULT,则它是DEFAULT概要文件值的指针。我们可能需要递归检查配置文件。

    • 以下荒谬的大PL / SQL块应处理所有这些情况。无论Oracle版本或配置文件设置如何,它都应使用相同的密码哈希将任何帐户重置为OPEN。并且配置文件将更改回原始限制。 
    --Purpose: Change a user from EXPIRED to OPEN by setting a user's password to the same value.
    --This PL/SQL block requires elevated privileges and should be run as SYS.
    --This task is difficult because we need to temporarily change profiles to avoid
    --  errors like "ORA-28007: the password cannot be reused".
    --
    --How to use: Run as SYS in SQL*Plus and enter the username when prompted.
    --  If using another IDE, manually replace the variable two lines below.
    declare
        v_username varchar2(128) := trim(upper('&USERNAME'));
        --Do not change anything below this line.
        v_profile                 varchar2(128);
        v_old_password_reuse_time varchar2(128);
        v_uses_default_for_time   varchar2(3);
        v_old_password_reuse_max  varchar2(128);
        v_uses_default_for_max    varchar2(3);
        v_alter_user_sql          varchar2(4000);
    begin
        --Get user's profile information.
        --(This is tricky because there could be an indirection to the DEFAULT profile.
        select
            profile,
            case when user_password_reuse_time = 'DEFAULT' then default_password_reuse_time else user_password_reuse_time end password_reuse_time,
            case when user_password_reuse_time = 'DEFAULT' then 'Yes' else 'No' end uses_default_for_time,
            case when user_password_reuse_max  = 'DEFAULT' then default_password_reuse_max  else user_password_reuse_max  end password_reuse_max,
            case when user_password_reuse_max  = 'DEFAULT' then 'Yes' else 'No' end uses_default_for_max
        into v_profile, v_old_password_reuse_time, v_uses_default_for_time, v_old_password_reuse_max, v_uses_default_for_max
        from
        (
            --User's profile information.
            select
                dba_profiles.profile,
                max(case when resource_name = 'PASSWORD_REUSE_TIME' then limit else null end) user_password_reuse_time,
                max(case when resource_name = 'PASSWORD_REUSE_MAX' then limit else null end) user_password_reuse_max
            from dba_profiles
            join dba_users
                on dba_profiles.profile = dba_users.profile
            where username = v_username
            group by dba_profiles.profile
        ) users_profile
        cross join
        (
            --Default profile information.
            select
                max(case when resource_name = 'PASSWORD_REUSE_TIME' then limit else null end) default_password_reuse_time,
                max(case when resource_name = 'PASSWORD_REUSE_MAX' then limit else null end) default_password_reuse_max
            from dba_profiles
            where profile = 'DEFAULT'
        ) default_profile;

        --Get user's password information.
        select
            'alter user '||name||' identified by values '''||
            spare4 || case when password is not null then ';' else null end || password ||
            ''''
        into v_alter_user_sql
        from sys.user$
        where name = v_username;

        --Change profile limits, if necessary.
        if v_old_password_reuse_time <> 'UNLIMITED' then
            execute immediate 'alter profile '||v_profile||' limit password_reuse_time unlimited';
        end if;

        if v_old_password_reuse_max <> 'UNLIMITED' then
            execute immediate 'alter profile '||v_profile||' limit password_reuse_max unlimited';
        end if;

        --Change the user's password.
        execute immediate v_alter_user_sql;

        --Change the profile limits back, if necessary.
        if v_old_password_reuse_time <> 'UNLIMITED' then
            if v_uses_default_for_time = 'Yes' then
                execute immediate 'alter profile '||v_profile||' limit password_reuse_time default';
            else
                execute immediate 'alter profile '||v_profile||' limit password_reuse_time '||v_old_password_reuse_time;
            end if;
        end if;

        if v_old_password_reuse_max <> 'UNLIMITED' then
            if v_uses_default_for_max = 'Yes' then
                execute immediate 'alter profile '||v_profile||' limit password_reuse_max default';
            else
                execute immediate 'alter profile '||v_profile||' limit password_reuse_max '||v_old_password_reuse_max;
            end if;
        end if;
    end;
    /

    关于oracle - 将Oracle用户帐户状态从EXPIRE(GRACE)更改为OPEN,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/5521766/

    28 4 0
    文章推荐: clojure - Clojure如何处理关注点分离?
    文章推荐: wpf - 将列表框项内的命令绑定(bind)到 View 模型父级上的属性
    文章推荐: swing - 如何在NetBeans中删除actionPerformed方法
    文章推荐: jsf - JSF号码验证
    行者123
    个人简介

    我是一名优秀的程序员,十分优秀!

    滴滴打车优惠券免费领取
    滴滴打车优惠券
    Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
    广告合作:1813099741@qq.com 6ren.com