Monday, November 23, 2009

Oracle 11g enabling PASSWORD EXPIRE for DEFAULT profile

Yesterday, when I logged into Oracle Enterprise Manager after bringing up my Database instance, I found out that I had to change the password for the following users: SYS, SYSTEM, SYSMAN, DBSNMP and MGMT_VIEW, because they had expired.

They all have in common that they belong to the DEFAULT profile.

Checking the relevant settings of the DEFAULT profile in the Oracle 11g Database instance I have running on Solaris 10, we have:


auyantepui% uname -a
SunOS auyantepui 5.10 Generic_139555-08 sun4u sparc SUNW,Sun-Blade-1000
auyantepui% cat /etc/release
Solaris 10 5/09 s10s_u7wos_08 SPARC
Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 30 March 2009
auyantepui% id
uid=100(oracle) gid=102(oinstall)
auyantepui% sqlplus /nolog

SQL*Plus: Release 11.1.0.6.0 - Production on Mon Nov 23 15:03:08 2009

Copyright (c) 1982, 2007, Oracle. All rights reserved.

SQL> CONNECT / AS SYSDBA
Connected.
SQL> set linesize 120
SQL> SELECT * FROM dba_profiles
2 WHERE resource_type='PASSWORD'
3 AND profile='DEFAULT';

PROFILE                        RESOURCE_NAME                    RESOURCE LIMIT
------------------------------ -------------------------------- -------- ----------------------------------------
DEFAULT                        FAILED_LOGIN_ATTEMPTS            PASSWORD 10
DEFAULT                        PASSWORD_LIFE_TIME               PASSWORD 180
DEFAULT                        PASSWORD_REUSE_TIME              PASSWORD UNLIMITED
DEFAULT                        PASSWORD_REUSE_MAX               PASSWORD UNLIMITED
DEFAULT                        PASSWORD_VERIFY_FUNCTION         PASSWORD NULL
DEFAULT                        PASSWORD_LOCK_TIME               PASSWORD 1
DEFAULT                        PASSWORD_GRACE_TIME              PASSWORD 7

7 rows selected.

SQL>


So we can see the password for a user with the DEFAULT profile expires after 180 days.

This can be a nuisance for applications running in a J2EE Application Server whose Data Source connects to an Oracle 11g Database. It can also be a problem if the Oracle 11g Database instance is managed by the Sun Cluster 3.X Data Service Agent, which regularly probes the Database to check its health.

The way to get rid of this PASSWORD EXPIRE would be:


SQL> ALTER PROFILE default LIMIT
2 FAILED_LOGIN_ATTEMPTS unlimited
3 PASSWORD_LIFE_TIME unlimited;

Profile altered.

SQL> SELECT * FROM dba_profiles
2 WHERE resource_type='PASSWORD'
3 AND profile='DEFAULT';

PROFILE                        RESOURCE_NAME                    RESOURCE LIMIT
------------------------------ -------------------------------- -------- ----------------------------------------
DEFAULT                        FAILED_LOGIN_ATTEMPTS            PASSWORD UNLIMITED
DEFAULT                        PASSWORD_LIFE_TIME               PASSWORD UNLIMITED
DEFAULT                        PASSWORD_REUSE_TIME              PASSWORD UNLIMITED
DEFAULT                        PASSWORD_REUSE_MAX               PASSWORD UNLIMITED
DEFAULT                        PASSWORD_VERIFY_FUNCTION         PASSWORD NULL
DEFAULT                        PASSWORD_LOCK_TIME               PASSWORD 1
DEFAULT                        PASSWORD_GRACE_TIME              PASSWORD 7

7 rows selected.

SQL>


By setting PASSWORD_LIFE_TIME to UNLIMITED we solved this nuisance of having to change the password for SYS and SYSTEM every 180 days.

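FAILED_LOGIN_ATTEMPTS has also been set to UNLIMITED, because you don't want to take any chances and want to minimize the risk of getting an application locked out. The trade-off is that accounts using the DEFAULT profile are then never locked after repeated failed logins, and their passwords never expire.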
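A narrower alternative, as an added example that is not part of the original post: give only the application or probe account a dedicated profile without expiry, and leave DEFAULT (shared by SYS, SYSTEM, SYSMAN, DBSNMP and MGMT_VIEW) at the limits from the first listing. The profile name APP_SERVICE and the user APP_DS are hypothetical.

```sql
-- Added example. APP_SERVICE and APP_DS are hypothetical names.

-- 1. Dedicated profile for non-interactive accounts only.
--    Limits not listed here are inherited from the DEFAULT profile.
CREATE PROFILE app_service LIMIT
  PASSWORD_LIFE_TIME    UNLIMITED   -- no expiry for the data-source account
  FAILED_LOGIN_ATTEMPTS 10          -- keep lockout (value from the original DEFAULT)
  PASSWORD_LOCK_TIME    1;          -- days locked after too many failures

-- 2. Move only the application / probe account onto that profile.
ALTER USER app_ds PROFILE app_service;

-- 3. Only needed if DEFAULT was already altered as shown above:
--    restore the two limits to the values from the first listing.
ALTER PROFILE default LIMIT
  FAILED_LOGIN_ATTEMPTS 10
  PASSWORD_LIFE_TIME    180;

-- 4. Review which account sits on which profile and when it expires.
--    An account that is already EXPIRED stays that way until its
--    password is changed; a profile change alone does not reset it.
SELECT username, profile, account_status, expiry_date
  FROM dba_users
 ORDER BY profile, expiry_date;

-- 5. Audit check: profiles where lockout or expiry is switched off.
SELECT profile, resource_name, limit
  FROM dba_profiles
 WHERE resource_type = 'PASSWORD'
   AND resource_name IN ('FAILED_LOGIN_ATTEMPTS', 'PASSWORD_LIFE_TIME')
   AND limit = 'UNLIMITED'
 ORDER BY profile, resource_name;
```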

Dual Boot Windows and Linux

I have a Gateway Pentium 4 based PC with two 80 GB IDE Disk Drives:

  • In the First Drive I have Microsoft Windows XP installed.
  • In the Second Drive I have installed Red Hat Enterprise Linux 5.4.

Instead of updating the BIOS every time I want to boot a different OS than the one I am currently using, I decided to set my Second Drive as the Master IDE Disk Drive, and I use Grub to choose the OS I want to work with when I power on my PC.

This is the entry I needed to add to /boot/grub/grub.conf:


title Microsoft Windows XP
map (hd0) (hd1)
map (hd1) (hd0)
root (hd1,0)
chainloader +1


I had to do this because Windows XP does not boot from the Second IDE Disk Drive.

Grub sees hd0 as the First Disk Drive connected to the system.

The two map commands swap the order of hd0 and hd1, so that Windows XP, chainloaded from (hd1,0), sees its own disk as the First Drive and can boot from Grub.

This is what the complete file looks like:


[root@cotopaxi grub]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.4 (Tikanga)
[root@cotopaxi grub]# cat /proc/version
Linux version 2.6.18-164.2.1.el5 (mockbuild@x86-004.build.bos.redhat.com) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-46)) #1 SMP Mon Sep 21 04:37:51 EDT 2009
[root@cotopaxi grub]# pwd
/boot/grub
[root@cotopaxi grub]# ls
device.map ffs_stage1_5 iso9660_stage1_5 minix_stage1_5 stage1 vstafs_stage1_5
e2fs_stage1_5 grub.conf jfs_stage1_5 reiserfs_stage1_5 stage2 xfs_stage1_5
fat_stage1_5 grub.conf.original menu.lst splash.xpm.gz ufs2_stage1_5
[root@cotopaxi grub]# cat grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
# initrd /initrd-version.img
#boot=/dev/hdb
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Red Hat Enterprise Linux Server (2.6.18-164.2.1.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-164.2.1.el5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
initrd /initrd-2.6.18-164.2.1.el5.img
title Red Hat Enterprise Linux Server (2.6.18-164.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-164.el5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
initrd /initrd-2.6.18-164.el5.img
title Red Hat Enterprise Linux Server (2.6.18-128.7.1.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-128.7.1.el5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
initrd /initrd-2.6.18-128.7.1.el5.img
title Other
rootnoverify (hd1,0)
chainloader +1
title Microsoft Windows XP
map (hd0) (hd1)
map (hd1) (hd0)
root (hd1,0)
chainloader +1
[root@cotopaxi grub]#

Friday, November 13, 2009