測試環境:10.2.0.2.0
測試用戶:SCOTT
測試用的三組密碼:oracle1 oracle2 oracle3
PASSWORD_REUSE_TIME和PASSWORD_REUSE_MAX:這兩個參數必須互相關聯設置,password_reuse_time指定了密碼不能重用前的天數,而password_reuse_max則指定了當前密碼被重用之前密碼改變的次數。
總結兩者之間的規律:
(1)PASSWORD_REUSE_MAX,PASSWORD_REUSE_TIME都爲UNLIMITED,密碼可以隨意重用,沒有任何限制。
(2)PASSWORD_REUSE_MAX,PASSWORD_REUSE_TIME均爲指定值時,必須滿足這兩者的條件時纔可以重用密碼。
(3)當PASSWORD_REUSE_MAX,PASSWORD_REUSE_TIME兩個有其中一個不爲UNLIMITED,則密碼永遠不能重用。
以下爲驗證過程:
--確認SCOTT使用的DEFAULT profile SQL> select USERNAME from dba_users where PROFILE='DEFAULT' and USERNAME='SCOTT'; USERNAME ------------------------------ SCOTT
第一種情況,PASSWORD_REUSE_TIME,PASSWORD_REUSE_MAX值均爲UNLIMITED
SQL> select profile,limit from dba_profiles where profile='DEFAULT' and resource_name='PASSWORD_REUSE_TIME'; PROFILE LIMIT ------------------------------ ---------------------------------------- DEFAULT UNLIMITED SQL> select profile,limit from dba_profiles where profile='DEFAULT' and resource_name='PASSWORD_REUSE_MAX'; PROFILE LIMIT ------------------------------ ---------------------------------------- DEFAULT UNLIMITED --測試 SQL> alter user scott identified by oracle; User altered. SQL> / User altered. SQL> / User altered.
可以發現,用戶密碼可以不受限制的重用
第二種情況,PASSWORD_REUSE_TIME,PASSWORD_REUSE_MAX值均不爲UNLIMITED,這裏設定ASSWORD_REUSE_TIME 1/1440表示一分鐘後可以重用,PASSWORD_REUSE_MAX 1表示密碼更新過一次即可重用。
SQL> alter profile DEFAULT limit PASSWORD_REUSE_MAX 1; Profile altered. SQL> alter profile DEFAULT limit PASSWORD_REUSE_TIME 1/1440; Profile altered. --測試 SQL> alter user scott identified by oracle1; User altered. SQL> select to_char(sysdate,'yyyy-mm-dd,hh24:mi:ss') as a from dual; A ------------------- 2014-03-20,23:40:45 SQL> alter user scott identified by oracle; User altered. SQL> select to_char(sysdate,'yyyy-mm-dd,hh24:mi:ss') as a from dual; A ------------------- 2014-03-20,23:42:05 SQL> alter user scott identified by oracle1; User altered. SQL> select to_char(sysdate,'yyyy-mm-dd,hh24:mi:ss') as a from dual; A ------------------- 2014-03-20,23:42:18 --間隔不足一分鐘,更改提示失敗 SQL> alter user scott identified by oracle; alter user scott identified by oracle * ERROR at line 1: ORA-28007: the password cannot be reused --直接用上一次的密碼更改,更改失敗 SQL> alter user scott identified by oracle1; alter user scott identified by oracle1 * ERROR at line 1: ORA-28007: the password cannot be reused
由上面的實驗,我們可以看出,PASSWORD_REUSE_TIME,PASSWORD_REUSE_MAX值均不爲UNLIMITED,必須同時滿足這兩個條件纔可以更改密碼。
第三種情況,PASSWORD_REUSE_TIME 爲UNLIMITED,PASSWORD_REUSE_MAX爲1
SQL> alter profile DEFAULT limit PASSWORD_REUSE_TIME unlimited; Profile altered. --測試 SQL> alter user scott identified by oracle1; alter user scott identified by oracle1 * ERROR at line 1: ORA-28007: the password cannot be reused SQL> alter user scott identified by oracle2; User altered. SQL> alter user scott identified by oracle1; alter user scott identified by oracle1 * ERROR at line 1: ORA-28007: the password cannot be reused SQL> alter user scott identified by oracle; alter user scott identified by oracle * ERROR at line 1: ORA-28007: the password cannot be reused
由此可以看出,當PASSWORD_REUSE_TIME 爲UNLIMITED,PASSWORD_REUSE_MAX爲指定值,密碼在任何時候都不可以重用。
第四種情況,PASSWORD_REUSE_MAX 爲UNLIMITED,PASSWORD_REUSE_TIME爲1/1440。
SQL> alter profile DEFAULT limit PASSWORD_REUSE_MAX unlimited; Profile altered. SQL> alter profile DEFAULT limit PASSWORD_REUSE_TIME 1/1440; Profile altered. SQL> select to_char(sysdate,'yyyy-mm-dd,hh24:mi:ss') as a from dual; A ------------------- 2014-03-20,23:50:16 SQL> select to_char(sysdate,'yyyy-mm-dd,hh24:mi:ss') as a from dual; A ------------------- 2014-03-20,23:53:10 SQL> alter user scott identified by oracle2; alter user scott identified by oracle2 * ERROR at line 1: ORA-28007: the password cannot be reused SQL> alter user scott identified by oracle1; alter user scott identified by oracle1 * ERROR at line 1: ORA-28007: the password cannot be reused SQL> alter user scott identified by oracle; alter user scott identified by oracle * ERROR at line 1: ORA-28007: the password cannot be reused SQL> alter user scott identified by oracle4; User altered. SQL> alter user scott identified by oracle; alter user scott identified by oracle * ERROR at line 1: ORA-28007: the password cannot be reused
從上面的實驗可以看出,當PASSWORD_REUSE_MAX爲UNLIMITED,PASSWORD_REUSE_TIME爲指定值,密碼在任何時候都不可以重用。