Monday, November 23, 2009

Oracle 11g enabling PASSWORD EXPIRE for DEFAULT profile

Yesterday I found out when I logged into Oracle Enterprise Manager and after bringing up my Database instance, that I had to change the password for the following users: SYS, SYSTEM, SYSMAN, DBSNMP and MGMT_VIEW because they were expired.

They all have in common that they belong to the DEFAULT profile.

Checking the relevant settings of the DEFAULT profile in my Oracle 11g Database instance I have running on Solaris 10 we have:


auyantepui% uname -a
SunOS auyantepui 5.10 Generic_139555-08 sun4u sparc SUNW,Sun-Blade-1000
auyantepui% cat /etc/release
Solaris 10 5/09 s10s_u7wos_08 SPARC
Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 30 March 2009
auyantepui% id
uid=100(oracle) gid=102(oinstall)
auyantepui% sqlplus /nolog

SQL*Plus: Release 11.1.0.6.0 - Production on Mon Nov 23 15:03:08 2009

Copyright (c) 1982, 2007, Oracle. All rights reserved.

SQL> CONNECT / AS SYSDBA
Connected.
SQL> set linesize 120
SQL> SELECT * FROM dba_profiles
2 WHERE resource_type='PASSWORD'
3 AND profile='DEFAULT';

PROFILE RESOURCE_NAME RESOURCE LIMIT
------------------------------ -------------------------------- -------- ----------------------------------------
DEFAULT FAILED_LOGIN_ATTEMPTS PASSWORD 10
DEFAULT PASSWORD_LIFE_TIME PASSWORD 180
DEFAULT PASSWORD_REUSE_TIME PASSWORD UNLIMITED
DEFAULT PASSWORD_REUSE_MAX PASSWORD UNLIMITED
DEFAULT PASSWORD_VERIFY_FUNCTION PASSWORD NULL
DEFAULT PASSWORD_LOCK_TIME PASSWORD 1
DEFAULT PASSWORD_GRACE_TIME PASSWORD 7

7 rows selected.

SQL>


So we can see the password for a user with the DEFAULT profile expires after 180 days.

This can be a nuisance for applications running in a J2EE Application Server where you can have a Data Source configured and residing in an Oracle 11g Database. This could also represent a problem if you have an Oracle 11g Database instance managed by the Sun Cluster 3.X Data Service Agent which does some regular probing to check for the health of the Database.

The way to get rid of this PASSWORD EXPIRE would be:


SQL> ALTER PROFILE default LIMIT
2 FAILED_LOGIN_ATTEMPTS unlimited
3 PASSWORD_LIFE_TIME unlimited;

Profile altered.

SQL> SELECT * FROM dba_profiles
2 WHERE resource_type='PASSWORD'
3 AND profile='DEFAULT';

PROFILE RESOURCE_NAME RESOURCE LIMIT
------------------------------ -------------------------------- -------- ----------------------------------------
DEFAULT FAILED_LOGIN_ATTEMPTS PASSWORD UNLIMITED
DEFAULT PASSWORD_LIFE_TIME PASSWORD UNLIMITED
DEFAULT PASSWORD_REUSE_TIME PASSWORD UNLIMITED
DEFAULT PASSWORD_REUSE_MAX PASSWORD UNLIMITED
DEFAULT PASSWORD_VERIFY_FUNCTION PASSWORD NULL
DEFAULT PASSWORD_LOCK_TIME PASSWORD 1
DEFAULT PASSWORD_GRACE_TIME PASSWORD 7

7 rows selected.

SQL>


By setting PASSWORD_LIFE_TIME to UNLIMITED we solved this nuisance of having to change the password for SYS and SYSTEM every 180 days.

Also FAILED_LOGIN_ATTEMPTS has been set to UNLIMITED because you don't want to take any chances and minimize the risk of getting an application locked out.

Dual Boot Windows and Linux

I have a Gateway Pentium 4 based PC with 2 80 GB IDE Disk Drives:

  • In the First Drive I have Microsoft Windows XP installed.
  • In the Second Drive I have installed Red Hat Enterprise Linux 5.4.

Instead of going all the time to update the BIOS when I want to boot a different OS than the one I am currently using, I decided to set my Second Drive as the Master IDE Disk Drive and I use Grub to choose the OS I want to work with when I power on my PC.

This is the entry I needed to add to /boot/grub/grub.conf:


title Microsoft Windows XP
map (hd0) (hd1)
map (hd1) (hd0)
root (hd1,0)
chainloader +1


I had to do this because Windows XP does not boot from the Second IDE Disk Drive.

Grub sees hd0 as the First Disk Drive connected to the system.

With the map option the order is changed in order to boot Windows XP from Grub.

This is how the complete file looks like:


[root@cotopaxi grub]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.4 (Tikanga)
[root@cotopaxi grub]# cat /proc/version
Linux version 2.6.18-164.2.1.el5 (mockbuild@x86-004.build.bos.redhat.com) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-46)) #1 SMP Mon Sep 21 04:37:51 EDT 2009
[root@cotopaxi grub]# pwd
/boot/grub
[root@cotopaxi grub]# ls
device.map ffs_stage1_5 iso9660_stage1_5 minix_stage1_5 stage1 vstafs_stage1_5
e2fs_stage1_5 grub.conf jfs_stage1_5 reiserfs_stage1_5 stage2 xfs_stage1_5
fat_stage1_5 grub.conf.original menu.lst splash.xpm.gz ufs2_stage1_5
[root@cotopaxi grub]# cat grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
# initrd /initrd-version.img
#boot=/dev/hdb
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Red Hat Enterprise Linux Server (2.6.18-164.2.1.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-164.2.1.el5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
initrd /initrd-2.6.18-164.2.1.el5.img
title Red Hat Enterprise Linux Server (2.6.18-164.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-164.el5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
initrd /initrd-2.6.18-164.el5.img
title Red Hat Enterprise Linux Server (2.6.18-128.7.1.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-128.7.1.el5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
initrd /initrd-2.6.18-128.7.1.el5.img
title Other
rootnoverify (hd1,0)
chainloader +1
title Microsoft Windows XP
map (hd0) (hd1)
map (hd1) (hd0)
root (hd1,0)
chainloader +1
[root@cotopaxi grub]#

Friday, November 13, 2009

Monday, February 09, 2009

XMLMark for UNIX like Operating Systems (Solaris, Linux, etc.)

Here is a simple shell script I wrote to run XMLMark in UNIX-like operating systems.

Tuesday, January 20, 2009

It's a Beautiful Day ...

Yes, indeed ... as the song from one of my favorite Rock and Roll bands U2's album "All That You Can't Leave Behind" it is a "Beautiful Day".


During the summer of 2004, at the time when the Democratic National Convention was held in Boston, Massachusetts to nominate John Kerry, I was on a Sea Touring Kayaking Trip up in Muscungus Bay off the Maine Coast for several days (By the way, Muscungus Bay is very pretty and the water so clear and pristine and you can see and paddle close to the Sea Lions swimming).

Anyway, in 2004 was my first time voting in a US Presidential Election, I became a US Citizen on September 18th 2001, exactly a week after the September 11th 2001 terrorist attacks on US soil, and I missed watching the DNC on TV.

Thanks to Steve Jobs and Apple, all the DNC speeches were posted in iTunes and I downloaded them all to my iPod to listen to them.

Of course, I was very eager to hear what Bill Clinton, Hillary Clinton, Jimmy Carter, Al Gore and John Kerry have to say, but what I didn't expect and really knock my socks off was Barack Obama's speech at the DNC. In my view this was one of the most powerful sentences in his Keynote speech:

"My parents shared not only an improbable love; they shared an abiding faith in the possibilities of this nation. They would give me an African name, Barack, or "blessed," believing that in a tolerant America, your name is no barrier to success."

I said to myself: WOW, this guy has a future and a lot of potential in the Democratic Party and in US politics. He reminded me of what I've seen, heard and read about JFK who was murdered on November 23rd 1963 before I was born.

Anyway, during the Democratic Primaries I supported and contributed to the campaign of Senator Hillary Rodham Clinton until the day she gave her concession speech endorsing Barack Obama and where one of the most powerful lines was:

"Although we weren’t able to shatter that highest, hardest glass ceiling this time, thanks to you, it’s got about 18 million cracks in it. And the light is shining through like never before, filling us all with the hope and the sure knowledge that the path will be a little easier next time. That has always been the history of progress in America. "

Well today I feel like what Frodo Baggins the Hobbit ring bearer in one of my favorite books "The Lord of The Rings" must have felt in the 3rd book of the trilogy "The Return of the King" when finally Sauron's ring was destroyed when Gollum fell down with it into the fires of Mount Doom thus saving Middle Earth and freeing it from all the Evil Darkness and Shadow coming from The Dark Lord Sauron in the tower of Barad Dur in Mordor.

By the way, I had tears in my eyes when I saw last Sunday on HBO U2's performance at the Lincoln Memorial and singing the song they wrote inspired by Martin Luther King Jr: "Pride (In The Name Of Love)".


Today Martin Luther King Jr.'s "I have a Dream" is coming full circle.

It's a "Beautiful Day"

:)

Saturday, January 17, 2009

I am glad there was no wind this morning

This morning when I left my house around 5:45 a.m. on my way to the pool for my Saturday morning 6:00 a.m. swimming workout, I was very glad there was no wind.

It was so cold. According to my truck the temperature outside was 5 Fahrenheit -15 Celsius and it didn't feel so bad.

On my way around 8:30 a.m. it was a bit warmer 9 Fahrenheit -12 Celsius.

I just hope this Arctic Blast could stop all the melting ice we have been having lately in the North Pole.

Monday, January 05, 2009

Sean Penn: Comeflor de Hollywood

I am stuck here at Singapore Airport for 6 hours on my way to NYC JFK coming from Hanoi, Vietnam after spending a Holiday vacation visiting Vietnam and Cambodia the last 3+ weeks.

In the Venezuelan jargon of the Universidad Simon Bolivar where I went to school "Comeflor" is a word to qualify somebody a bit of a utopist, lefty or an idealist.

I could not agree more with the column of Roger Cohen in the NYT.

Sean Penn seems to be like the maximum expression of the "Comeflores".