ORA-28001: the password has expired
问题描述
通过报警系统收到一个库的报警
ORA-28001: the password has expired
该报警系统是通过1521端口访问数据库,并且用system账号登录的。
问题解决
检查用户状态:
SQL> select username ,account_status from dba_users;
USERNAME ACCOUNT_STATUS
------------------------------------------------------------------------------------------ -----------------------------------
MGMT_VIEW OPEN
SYS OPEN
SYSTEM EXPIRED
DBSNMP EXPIRED(GRACE)
SYSMAN EXPIRED(GRACE)
ABC EXPIRED(GRACE)
OUTLN EXPIRED & LOCKED
FLOWS_FILES EXPIRED & LOCKED
MDSYS EXPIRED & LOCKED
ORDSYS EXPIRED & LOCKED
EXFSYS EXPIRED & LOCKED
WMSYS EXPIRED & LOCKED
APPQOSSYS EXPIRED & LOCKED
APEX_030200 EXPIRED & LOCKED
OWBSYS_AUDIT EXPIRED & LOCKED
ORDDATA EXPIRED & LOCKED
CTXSYS EXPIRED & LOCKED
ANONYMOUS EXPIRED & LOCKED
XDB EXPIRED & LOCKED
ORDPLUGINS EXPIRED & LOCKED
OWBSYS EXPIRED & LOCKED
SI_INFORMTN_SCHEMA EXPIRED & LOCKED
OLAPSYS EXPIRED & LOCKED
ORACLE_OCM EXPIRED & LOCKED
XS$NULL EXPIRED & LOCKED
MDDATA EXPIRED & LOCKED
DIP EXPIRED & LOCKED
APEX_PUBLIC_USER EXPIRED & LOCKED
SPATIAL_CSW_ADMIN_USR EXPIRED & LOCKED
SPATIAL_WFS_ADMIN_USR EXPIRED & LOCKED
30 rows selected.
有几个账户为EXPIRED(GRACE),查阅资料得知这是oracle11g安全的一个更新,类似系统账号过期一样。 创建用户时缺省密码过期限制是180天, 超过180天用户密码未做修改则该用户无法登录
- 直接为system账号解锁
SQL> alter user system identified by oracle account unlock;
User altered.
- 查看system账号的profile
SQL> select profile from dba_users where username='SYSTEM';
PROFILE
------------------------------------------------------------------------------------------
DEFAULT
- 查询表dba_profiles
SQL> select * from dba_profiles where profile='DEFAULT';
PROFILE RESOURCE_NAME RESOURCE_TYPE LIMIT
------------------------------------------------------------------------------------------ --------------------------------------------------------------------
DEFAULT COMPOSITE_LIMIT KERNEL UNLIMITED
DEFAULT SESSIONS_PER_USER KERNEL UNLIMITED
DEFAULT CPU_PER_SESSION KERNEL UNLIMITED
DEFAULT CPU_PER_CALL KERNEL UNLIMITED
DEFAULT LOGICAL_READS_PER_SESSION KERNEL UNLIMITED
DEFAULT LOGICAL_READS_PER_CALL KERNEL UNLIMITED
DEFAULT IDLE_TIME KERNEL UNLIMITED
DEFAULT CONNECT_TIME KERNEL UNLIMITED
DEFAULT PRIVATE_SGA KERNEL UNLIMITED
DEFAULT FAILED_LOGIN_ATTEMPTS PASSWORD 10
DEFAULT PASSWORD_LIFE_TIME PASSWORD 180
DEFAULT PASSWORD_REUSE_TIME PASSWORD UNLIMITED
DEFAULT PASSWORD_REUSE_MAX PASSWORD UNLIMITED
DEFAULT PASSWORD_VERIFY_FUNCTION PASSWORD NULL
DEFAULT PASSWORD_LOCK_TIME PASSWORD 1
DEFAULT PASSWORD_GRACE_TIME PASSWORD 7
16 rows selected.
这些参数的意义:
FAILED_LOGIN_ATTEMPTS 整数设定登录到Oracle 数据库时可以失败的次数。一旦某用户尝试登录数据库的达到该值时,该用户的帐户就被锁定,只能由DBA能解锁。
PASSWORD_LIFE_TIME 设定口令的有效时间(天数),一旦超过这一时间,必须重新设口令。缺省为UNLIMITED。
PASSWORD_REUSE_TIME 许多系统不许用户重新启用过去用过的口令。该资源项设定了一个失效口令要经过多少天,用户才可以重新使用该口令。缺省为UNLIMITED.
PASSWORD_REUSE_MAX 重新启用一个先前用过的口令前必须对该口令进行重新设置的次数(重复用的次数)。
PASSWORD_LOCK_TIME 设定帐户被锁定的天数(当登录失败达到FAILED_LOGIN_ATTEMPTS时)。
PASSWORD_GRACE_TIME 设定在口令失效前,给予的重新设该口令的宽限天。当口令失效之后回,在登录时会出现警告信息显示该天数。如果没有在宽限天内修改口令,口令将失效。
PASSWORD_VERITY_FUNCTION 该资源项允许调用一个PL/SQL 来验证口令。Oracle公司已提供该应用 的脚本,但是只要愿意的话,用户可以制定自己的验证脚本。该参数的设定就是PL/SQL函数的名称。缺省为NULL.
- 该库的默认有效期是180天
SQL> select * from dba_profiles where profile='DEFAULT' and resource_name='PASSWORD_LIFE_TIME';
PROFILE RESOURCE_NAME RESOURCE_TYPE LIMIT
--------------- ------------------------- ------------------------ --------------------
DEFAULT PASSWORD_LIFE_TIME PASSWORD 180
- 修改默认有效期天数为不限制
SQL> alter profile default limit password_life_time unlimited;
Profile altered.
- 查看默认有效期
SQL> select * from dba_profiles where profile='DEFAULT' and resource_name='PASSWORD_LIFE_TIME';
PROFILE RESOURCE_NAME RESOURCE_TYPE LIMIT
--------------- ------------------------- ------------------------ --------------------
DEFAULT PASSWORD_LIFE_TIME PASSWORD UNLIMITED
- 查看当前用户状态
SQL> select username,user_id,account_status,default_tablespace,created from dba_users order by account_status;
USERNAME USER_ID ACCOUNT_STATUS DEFAULT_TABLESPACE CREATED
------------------------- ---------- -------------------- ------------------------------ -------------------------
OWBSYS_AUDIT 79 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:41:52
SPATIAL_CSW_ADMIN_USR 69 EXPIRED & LOCKED USERS 17-12月-2019 14:35:30
APEX_PUBLIC_USER 75 EXPIRED & LOCKED USERS 17-12月-2019 14:37:17
DIP 14 EXPIRED & LOCKED USERS 17-12月-2019 14:25:17
MDDATA 64 EXPIRED & LOCKED USERS 17-12月-2019 14:34:10
XS$NULL 2147483638 EXPIRED & LOCKED USERS 17-12月-2019 14:31:57
OUTLN 9 EXPIRED & LOCKED SYSTEM 17-12月-2019 14:24:47
FLOWS_FILES 74 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:37:17
MDSYS 57 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:32:05
ORDSYS 53 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:32:05
EXFSYS 42 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:30:54
WMSYS 32 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:28:30
APPQOSSYS 31 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:28:12
APEX_030200 77 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:37:17
SPATIAL_WFS_ADMIN_USR 66 EXPIRED & LOCKED USERS 17-12月-2019 14:35:28
ORDDATA 54 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:32:05
CTXSYS 43 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:30:58
ANONYMOUS 46 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:31:10
XDB 45 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:31:10
ORDPLUGINS 55 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:32:05
OWBSYS 78 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:41:52
SI_INFORMTN_SCHEMA 56 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:32:05
OLAPSYS 60 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:33:49
ORACLE_OCM 21 EXPIRED & LOCKED USERS 17-12月-2019 14:25:37
ABC 83 EXPIRED(GRACE) DATAS 17-12月-2019 15:18:43
SYSMAN 84 EXPIRED(GRACE) SYSAUX 20-12月-2019 10:18:58
DBSNMP 30 EXPIRED(GRACE) SYSAUX 17-12月-2019 14:28:11
SYSTEM 5 OPEN SYSTEM 17-12月-2019 14:24:46
SYS 0 OPEN SYSTEM 17-12月-2019 14:24:46
MGMT_VIEW 86 OPEN SYSTEM 20-12月-2019 10:20:02
30 rows selected.
system刚刚已经解锁了。
- 为其它账号解锁
SQL> alter user sysman identified by oracle account unlock;
User altered.
SQL> alter user dbsnmp identified by oracle account unlock;
User altered.
SQL> select username,user_id,account_status,default_tablespace,created from dba_users order by account_status;
USERNAME USER_ID ACCOUNT_STATUS DEFAULT_TABLESPACE CREATED
------------------------- ---------- -------------------- ------------------------------ -------------------------
OWBSYS_AUDIT 79 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:41:52
SPATIAL_CSW_ADMIN_USR 69 EXPIRED & LOCKED USERS 17-12月-2019 14:35:30
APEX_PUBLIC_USER 75 EXPIRED & LOCKED USERS 17-12月-2019 14:37:17
DIP 14 EXPIRED & LOCKED USERS 17-12月-2019 14:25:17
MDDATA 64 EXPIRED & LOCKED USERS 17-12月-2019 14:34:10
XS$NULL 2147483638 EXPIRED & LOCKED USERS 17-12月-2019 14:31:57
OUTLN 9 EXPIRED & LOCKED SYSTEM 17-12月-2019 14:24:47
FLOWS_FILES 74 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:37:17
MDSYS 57 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:32:05
ORDSYS 53 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:32:05
EXFSYS 42 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:30:54
WMSYS 32 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:28:30
APPQOSSYS 31 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:28:12
APEX_030200 77 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:37:17
SPATIAL_WFS_ADMIN_USR 66 EXPIRED & LOCKED USERS 17-12月-2019 14:35:28
ORDDATA 54 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:32:05
CTXSYS 43 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:30:58
ANONYMOUS 46 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:31:10
XDB 45 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:31:10
ORDPLUGINS 55 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:32:05
OWBSYS 78 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:41:52
SI_INFORMTN_SCHEMA 56 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:32:05
OLAPSYS 60 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:33:49
ORACLE_OCM 21 EXPIRED & LOCKED USERS 17-12月-2019 14:25:37
ABC 83 EXPIRED(GRACE) DATAS 17-12月-2019 15:18:43
SYSMAN 84 OPEN SYSAUX 20-12月-2019 10:18:58
DBSNMP 30 OPEN SYSAUX 17-12月-2019 14:28:11
SYSTEM 5 OPEN SYSTEM 17-12月-2019 14:24:46
SYS 0 OPEN SYSTEM 17-12月-2019 14:24:46
MGMT_VIEW 86 OPEN SYSTEM 20-12月-2019 10:20:02
30 rows selected.
- 直接为用户解锁,不修改密码
SQL> alter user abc account unlock;
User altered.
SQL> select username,user_id,account_status,default_tablespace,created from dba_users order by account_status;
USERNAME USER_ID ACCOUNT_STATUS DEFAULT_TABLESPACE CREATED
------------------------- ---------- -------------------- ------------------------------ -------------------------
OWBSYS_AUDIT 79 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:41:52
SPATIAL_CSW_ADMIN_USR 69 EXPIRED & LOCKED USERS 17-12月-2019 14:35:30
APEX_PUBLIC_USER 75 EXPIRED & LOCKED USERS 17-12月-2019 14:37:17
DIP 14 EXPIRED & LOCKED USERS 17-12月-2019 14:25:17
MDDATA 64 EXPIRED & LOCKED USERS 17-12月-2019 14:34:10
XS$NULL 2147483638 EXPIRED & LOCKED USERS 17-12月-2019 14:31:57
OUTLN 9 EXPIRED & LOCKED SYSTEM 17-12月-2019 14:24:47
FLOWS_FILES 74 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:37:17
MDSYS 57 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:32:05
ORDSYS 53 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:32:05
EXFSYS 42 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:30:54
WMSYS 32 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:28:30
APPQOSSYS 31 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:28:12
APEX_030200 77 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:37:17
SPATIAL_WFS_ADMIN_USR 66 EXPIRED & LOCKED USERS 17-12月-2019 14:35:28
ORDDATA 54 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:32:05
CTXSYS 43 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:30:58
ANONYMOUS 46 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:31:10
XDB 45 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:31:10
ORDPLUGINS 55 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:32:05
OWBSYS 78 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:41:52
SI_INFORMTN_SCHEMA 56 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:32:05
OLAPSYS 60 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:33:49
ORACLE_OCM 21 EXPIRED & LOCKED USERS 17-12月-2019 14:25:37
ABC 83 EXPIRED(GRACE) DATAS 17-12月-2019 15:18:43
SYSMAN 84 OPEN SYSAUX 20-12月-2019 10:18:58
DBSNMP 30 OPEN SYSAUX 17-12月-2019 14:28:11
SYSTEM 5 OPEN SYSTEM 17-12月-2019 14:24:46
SYS 0 OPEN SYSTEM 17-12月-2019 14:24:46
MGMT_VIEW 86 OPEN SYSTEM 20-12月-2019 10:20:02
30 rows selected.
可以看到账户ABC状态还是expired(grace)
- 修改密码
SQL> alter user abc identified by abc;
User altered.
SQL> select username,user_id,account_status,default_tablespace,created from dba_users order by account_status;
USERNAME USER_ID ACCOUNT_STATUS DEFAULT_TABLESPACE CREATED
------------------------- ---------- -------------------- ------------------------------ -------------------------
OWBSYS_AUDIT 79 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:41:52
SPATIAL_CSW_ADMIN_USR 69 EXPIRED & LOCKED USERS 17-12月-2019 14:35:30
APEX_PUBLIC_USER 75 EXPIRED & LOCKED USERS 17-12月-2019 14:37:17
DIP 14 EXPIRED & LOCKED USERS 17-12月-2019 14:25:17
MDDATA 64 EXPIRED & LOCKED USERS 17-12月-2019 14:34:10
XS$NULL 2147483638 EXPIRED & LOCKED USERS 17-12月-2019 14:31:57
OUTLN 9 EXPIRED & LOCKED SYSTEM 17-12月-2019 14:24:47
FLOWS_FILES 74 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:37:17
MDSYS 57 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:32:05
ORDSYS 53 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:32:05
EXFSYS 42 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:30:54
WMSYS 32 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:28:30
APPQOSSYS 31 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:28:12
APEX_030200 77 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:37:17
SPATIAL_WFS_ADMIN_USR 66 EXPIRED & LOCKED USERS 17-12月-2019 14:35:28
ORDDATA 54 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:32:05
CTXSYS 43 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:30:58
ANONYMOUS 46 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:31:10
XDB 45 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:31:10
ORDPLUGINS 55 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:32:05
OWBSYS 78 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:41:52
SI_INFORMTN_SCHEMA 56 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:32:05
OLAPSYS 60 EXPIRED & LOCKED SYSAUX 17-12月-2019 14:33:49
ORACLE_OCM 21 EXPIRED & LOCKED USERS 17-12月-2019 14:25:37
ABC 83 OPEN DATAS 17-12月-2019 15:18:43
SYSMAN 84 OPEN SYSAUX 20-12月-2019 10:18:58
DBSNMP 30 OPEN SYSAUX 17-12月-2019 14:28:11
SYSTEM 5 OPEN SYSTEM 17-12月-2019 14:24:46
SYS 0 OPEN SYSTEM 17-12月-2019 14:24:46
MGMT_VIEW 86 OPEN SYSTEM 20-12月-2019 10:20:02
30 rows selected.
- 查询oracle用户创建时间
SQL> select t.username, t.account_status, t.created, t.default_tablespace from dba_users t order by t.created desc;
- 查询用户概要文件情况
SQL> SELECT username,PROFILE FROM dba_users where username like 'ABC%';
账号有多少中状态
SQL> select * from user_astatus_map;
STATUS# STATUS
---------- ------------------------------------------------------------------------------------------------
0 OPEN
1 EXPIRED
2 EXPIRED(GRACE)
4 LOCKED(TIMED)
8 LOCKED
5 EXPIRED & LOCKED(TIMED)
6 EXPIRED(GRACE) & LOCKED(TIMED)
9 EXPIRED & LOCKED
10 EXPIRED(GRACE) & LOCKED
9 rows selected.
-
五种基本状态可分为三类:
1.正常状态;
2.锁定状态;
3.密码过期状态。 -
OPEN状态
表示用户处于正常状态。 -
LOCKED和LOCKED(TIMED)
表示用户被锁定状态。有如下两种情况:
DBA显式的通过SQL语句对用户进行锁定;
被动的锁定,默认情况下如果密码输入错误超过10次锁定;
该限制由PROFILE中的FAILED_LOGIN_ATTEMPTS控制,可查看视图DBA_PROFILES。
DBA显式锁定用户LOCKED
alter user [username] account lock;
输入10次错误密码后被动锁定LOCKED(TIMED)
这个限制是由PROFILE中的FAILED_LOGIN_ATTEMPTS控制的,该信息可以通过DBA_PROFILES视图查询 -
EXPIRED和EXPIRED(GRACE)
表示用户密码过期状态。
修改PROFILE中的PASSWORD_LIFE_TIME实现密码是否过期
SQL> alter profile default limit password_life_time unlimited;
密码过期后也可修改PROFILE中的PASSWORD_GRACE_TIME控制使用的天数:
SQL> alter profile default limit password_grece_time 180;
对于密码过期的用户OPEN:
SQL> alter user [username] identified by account unlock;