Oracle 賬號 EXPIRED(GRACE) 意義-拾億

Haoword_wang發表於2021-02-08

系統環境:Red Hat Enterprise Linux Server release 7.5 (Maipo)

資料庫版本:SQL*Plus: Release 19.0.0.0.0 - Production  Version 19.7.0.0.0

資料庫:PDB

關於oracle狀態官方解釋如下:

ACCOUNT_STATUS:
Account status:
OPEN
 The account is open.
EXPIRED
 The password for the account is expired, either because the PASSWORD_LIFE_TIME limit was reached or because the password was expired by the ALTER USER ... PASSWORD EXPIRE command. The user can log in with the expired password, then change the password.
EXPIRED(GRACE)
 The password for the account is expired because the PASSWORD_LIFE_TIME limit was reached, but the password change grace period (PASSWORD_GRACE_TIME) has not yet elapsed. The user can log in with the expired password, but will receive an ORA-28002 warning as a reminder that the password must soon be changed. If the PASSWORD_GRACE_TIME elapses, the user can log in with the expired password, then change the password.
LOCKED
 The account is locked, either by the ALTER USER ... ACCOUNT LOCK command, or because the number of consecutive failed login attempts exceeded the FAILED_LOGIN_ATTEMPTS limit and the value of PASSWORD_LOCK_TIME is UNLIMITED. The account can be unlocked by the ALTER USER ... ACCOUNT UNLOCK command.
LOCKED(TIMED)
 The account is locked because the number of consecutive failed login attempts exceeded the FAILED_LOGIN_ATTEMPTS limit and the PASSWORD_LOCK_TIME has not yet elapsed. The account can be unlocked either by the ALTER USER ... ACCOUNT UNLOCK command or by waiting until the PASSWORD_LOCK_TIME has elapsed.
EXPIRED & LOCKED
 The password for the account is expired, as described for the EXPIRED account status, and the account is locked as described for the LOCKED account status. The account can first be unlocked as described for the LOCKED account status, then the password can be changed as described for the EXPIRED account status.
EXPIRED(GRACE) & LOCKED
 The password for the account is expired, as described for the EXPIRED(GRACE) account status, and the account is locked as described for the LOCKED account status.
The account can first be unlocked as described for the LOCKED account status, then the password can be changed as described for the EXPIRED(GRACE) account status.

EXPIRED & LOCKED(TIMED)
 The password for the account is expired, as described for the EXPIRED account status, and the account is locked as described for the LOCKED(TIMED) account status. The account can first be unlocked as described for the LOCKED(TIMED) account status, then the password can be changed as described for the EXPIRED account status.
EXPIRED(GRACE) & LOCKED(TIMED)
The password for the account is expired, as described for the EXPIRED(GRACE) account status, and the account is locked as described for the LOCKED(TIMED) account status. The account can first be unlocked as described for the LOCKED(TIMED) account status, then the password can be changed as described for the EXPIRED(GRACE) account status.
OPEN & IN ROLLOVER
 The account is in the password rollover period. The user can log in with either the earlier password or the new password. However, at the time the user logs in, the server recalculates whether the account is still in its password rollover period. If the password rollover period has elapsed, then the login will succeed only if the new password was specified, and the account status will change to OPEN.
EXPIRED & IN ROLLOVER
 The account is in the password rollover period and the password is expired as described for the EXPIRED account status. The user can log in with either the earlier password or the new password. However, at the time the user logs in, the server recalculates whether the account is still in its password rollover period. If the password rollover period has elapsed, then the login will succeed only if the new password was specified, and the account status will change to EXPIRED. After logging in, the user will be prompted to change the password.
LOCKED & IN ROLLOVER
 The account is in the password rollover period and is also locked as described for the LOCKED account status. The account can be unlocked as described for the LOCKED account status, after which the user can log in as described for the OPEN & IN ROLLOVER account status.
EXPIRED & LOCKED & IN ROLLOVER
 The account is in the password rollover period, its password is expired as described for the EXPIRED account status, and the account is locked as described for the LOCKED account status. The account can be unlocked as described for the LOCKED account status, after which the user can log in as described for the EXPIRED & IN ROLLOVER account status.
LOCKED(TIMED) & IN ROLLOVER
 The account is in the password rollover period and is also locked as described for the LOCKED(TIMED) account status. The account can be unlocked as described for the LOCKED(TIMED) account status, after which the user can log in with either the earlier password or the new password. However, at the time the user logs in, the server recalculates whether the account is still in its password rollover period. If the password rollover period has elapsed, then the login will succeed only if the new password was specified.
EXPIRED & LOCKED(TIMED) & IN ROL
 The account is in the password rollover period, its password is expired as described for the EXPIRED account status, and the account is locked as described for the LOCKED(TIMED) account status. The account can be unlocked as described for the LOCKED(TIMED) account status, after which the user can log in as described for the EXPIRED & IN ROLLOVER account status.


此次我們只測試資料庫使用者狀態 OPEN 和 EXPIRED(GRACE) 的expiry_date的意義

測試使用者的PROFILE:

測試賬號:TEST,SKY

現象:

我們設定的PRO_COMMON_USER 的PASSWORD_LIFE_TIME 為3天,PASSWORD_GRACE_TIME 為10天,但通過dba_users 檢視發現:

賬號SJY 是 open,同時 EXPIRY_DATE 是2021-02-10 18:21:38,而上一次密碼調整時間(此次為建立時間)2021-02-07 18:21:38,時間正好是3天;

賬號TEST 狀態是 EXPIRED(GRACE), EXPIRY_DATE 是2021-02-17 22:10:01,上一次密碼調整時間(此次為建立時間)2021-02-03 5:05:51,而時間是13天左右(此時不做時分秒的差異解釋)

解釋:

當資料庫賬號狀態不同的時候,他的時間列的意義是不同的

當狀態為OPEN 的時候是記錄資料庫過期的時間,即PASSWORD_LIFE_TIME;

當狀態為 EXPIRED(GRACE)的時候是記錄資料庫過期的時間加密碼提示過期時間,即PASSWORD_LIFE_TIME+PASSWORD_GRACE_TIME;


關於賬號TEST時分秒的時間差異是由於我再測試的時候22:10:01 調整了資料庫profile 屬性PASSWORD_LIFE_TIME,所以觸發了新的時間戳!


此次只是個人的一個測試,有不足地方,歡迎大家討論!

來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/26342786/viewspace-2756756/,如需轉載,請註明出處,否則將追究法律責任。

相關文章