« FAILED_LOGIN_ATTEMPTS default to 10 in 10gR2
Oktoberfest »

FAILED_LOGIN_ATTEMPTS part 2

Ref: part 1
I reported this lack of documentation on http://forums.oracle.com/forums/thread.jspa?threadID=330359

Here is my test case (take care, it will create a new db!) :

SQL> startup force quiet nomount;
ORACLE instance started.
SQL> create database controlfile reuse extent management
local default tablespace users default temporary tablespace temp
undo tablespace undotbs1;

Database created.
SQL> @?/rdbms/admin/catalog
SQL> @?/rdbms/admin/catproc
SQL> col username for a10
SQL> col PROFILE for a7
SQL> col LIMIT for a12
SQL> select username, profile, limit from dba_users join 
dba_profiles using (profile) 
where resource_name='FAILED_LOGIN_ATTEMPTS';
USERNAME   PROFILE LIMIT 
---------- ------- ------------ 
SYSTEM     DEFAULT 10
SYS        DEFAULT 10
TSMSYS     DEFAULT 10
DIP        DEFAULT 10
DBSNMP     DEFAULT 10
OUTLN      DEFAULT 10

This entry was posted on Friday, September 30th, 2005 at 12:34 and is filed under oracle, dba, security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
Post to : del.icio.us - Digg it - Furl - reddit - Spurl

Put your code in <code> and </code> tags

7 Responses to “FAILED_LOGIN_ATTEMPTS part 2”

  1. Anonymous Says:
    October 29th, 2006 at 11:53

    Does this mean that the policy violation recommendation for DBSNMP in 10.2: “Oracle recommends changing the parameter FAILED_LOGIN_ATTEMPTS in user profiles to no more than 10″ should be ignored because it is already the case?

    Ren

  2. Laurent Schneider Says:
    October 29th, 2006 at 21:03

    well, it is still a recommendation to not change the default to something less than 10 ;-)

  3. Anonymous Says:
    November 6th, 2006 at 10:44

    For Oracle10gAS, would you recommend changing this parameter simply to avoid the alert from Grid Control? As you mentioned, the implication is that the account could be locked, and the whole system will be halted. One example is user ‘ORASSO’ …

  4. Laurent Schneider Says:
    November 6th, 2006 at 20:05

    > the implication is that the account
    > could be locked, and the whole
    > system will be halted. One example
    > is user ‘ORASSO’ …
    well, this is all about security. on the one hand you protect your data, on the other hand a process/user trying to log in with a wrong password is reducing the availability.

    up to you…

  5. Anonymous Says:
    November 8th, 2006 at 03:00

    Laurent,

    Do you know if the failed attempts are 10 in a row or just 10 cumulatively?

    Thanks.

  6. Laurent Schneider Says:
    November 8th, 2006 at 11:15

    10 in a row

    SQL> grant create session to x identified by x;

    Grant succeeded.

    SQL> connect x/x
    Connected.
    SQL> connect x/y
    ERROR:
    ORA-01017: invalid username/password; logon denied

    Warning: You are no longer connected to ORACLE.
    SQL> connect x/y
    ERROR:
    ORA-01017: invalid username/password; logon denied

    SQL> connect x/y
    ERROR:
    ORA-01017: invalid username/password; logon denied

    SQL> connect x/y
    ERROR:
    ORA-01017: invalid username/password; logon denied

    SQL> connect x/y
    ERROR:
    ORA-01017: invalid username/password; logon denied

    SQL> connect x/y
    ERROR:
    ORA-01017: invalid username/password; logon denied

    SQL> connect x/y
    ERROR:
    ORA-01017: invalid username/password; logon denied

    SQL> connect x/y
    ERROR:
    ORA-01017: invalid username/password; logon denied

    SQL> connect x/x
    Connected.
    SQL> connect x/y
    ERROR:
    ORA-01017: invalid username/password; logon denied

    Warning: You are no longer connected to ORACLE.
    SQL> connect x/y
    ERROR:
    ORA-01017: invalid username/password; logon denied

    SQL> connect x/y
    ERROR:
    ORA-01017: invalid username/password; logon denied

    SQL> connect x/y
    ERROR:
    ORA-01017: invalid username/password; logon denied

    SQL> connect x/y
    ERROR:
    ORA-01017: invalid username/password; logon denied

    SQL> connect x/y
    ERROR:
    ORA-01017: invalid username/password; logon denied

    SQL> connect x/y
    ERROR:
    ORA-01017: invalid username/password; logon denied

    SQL> connect x/x
    Connected.
    SQL> connect x/y
    ERROR:
    ORA-01017: invalid username/password; logon denied

    Warning: You are no longer connected to ORACLE.
    SQL> connect x/y
    ERROR:
    ORA-01017: invalid username/password; logon denied

    SQL> connect x/y
    ERROR:
    ORA-01017: invalid username/password; logon denied

    SQL> connect x/y
    ERROR:
    ORA-01017: invalid username/password; logon denied

    SQL> connect x/y
    ERROR:
    ORA-01017: invalid username/password; logon denied

    SQL> connect x/y
    ERROR:
    ORA-01017: invalid username/password; logon denied

    SQL> connect x/y
    ERROR:
    ORA-01017: invalid username/password; logon denied

    SQL> connect x/y
    ERROR:
    ORA-01017: invalid username/password; logon denied

    SQL> connect x/y
    ERROR:
    ORA-01017: invalid username/password; logon denied

    SQL> connect x/y
    ERROR:
    ORA-01017: invalid username/password; logon denied

    SQL> connect x/x
    ERROR:
    ORA-28000: the account is locked

  7. laurentschneider Says:
    January 4th, 2007 at 11:52

    Anonymous said :
    > Is there a counter to see how many failed login attempts are made
    > for an account?

    select name,lcount from user$;

Leave a Reply

Use <code> and </code> to post code