oracle user account


1. select from dba_users table to see when the account was locked.
myuser@myuser] ./orcl_my.sh
Rerunning as Oracle

SQL*Plus: Release 10.2.0.2.0 - Production on Tue Mar 5 12:06:37 2013

Copyright (c) 1982, 2005, Oracle.  All Rights Reserved.

Connected to an idle instance.

SQL> shutdown immediate
ORA-01034: ORACLE not available
ORA-27101: shared memory realm does not exist
Linux-x86_64 Error: 2: No such file or directory
SQL> startup
ORACLE instance started.

SQL>
SQL> set line 4000;

SQL> shutdown immediate
ORA-01507: database not mounted


ORACLE instance shut down.
SQL> startup
ORACLE instance started.


SQL> alter session set nls_date_format = 'yyyy-mm-dd hh24:mi:ss';

Session altered.

SQL> select account_status, lock_date from dba_users where username = 'MYUSER1';

ACCOUNT_STATUS                   LOCK_DATE
-------------------------------- -------------------
LOCKED(TIMED)                    2013-03-03 23:44:54

SQL> alter user MYUSER1 account unlock;

User altered.

SQL>


2. check the lister.log, according to the time, get the ip that caused the problem
myuser@myuser] cat  /rhel5pdi/apollo/var/env/OracleEE/server/network/log/listener.log

03-MAR-2013 23:44:53 * (CONNECT_DATA=(SID=orcl)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.0.148)(PORT=39082)) * establish * orcl * 0
03-MAR-2013 23:44:53 * (CONNECT_DATA=(SID=orcl)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.0.148)(PORT=39083)) * establish * orcl * 0
03-MAR-2013 23:44:53 * (CONNECT_DATA=(SID=orcl)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.0.148)(PORT=39084)) * establish * orcl * 0
03-MAR-2013 23:44:53 * (CONNECT_DATA=(SID=orcl)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.0.148)(PORT=39085)) * establish * orcl * 0
03-MAR-2013 23:44:53 * (CONNECT_DATA=(SID=orcl)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.0.148)(PORT=39080)) * establish * orcl * 0
03-MAR-2013 23:44:53 * (CONNECT_DATA=(SID=orcl)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.0.148)(PORT=39086)) * establish * orcl * 0
03-MAR-2013 23:44:53 * (CONNECT_DATA=(SID=orcl)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.0.148)(PORT=39081)) * establish * orcl * 0
03-MAR-2013 23:44:53 * (CONNECT_DATA=(SID=orcl)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.0.148)(PORT=39079)) * establish * orcl * 0
03-MAR-2013 23:44:53 * (CONNECT_DATA=(SID=orcl)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.0.148)(PORT=39078)) * establish * orcl * 0
03-MAR-2013 23:44:53 * (CONNECT_DATA=(SID=orcl)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.0.148)(PORT=39077)) * establish * orcl * 0
03-MAR-2013 23:44:55 * (CONNECT_DATA=(SID=orcl)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.0.148)(PORT=39090)) * establish * orcl * 0
03-MAR-2013 23:44:55 * (CONNECT_DATA=(SID=orcl)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.0.148)(PORT=39089)) * establish * orcl * 0
03-MAR-2013 23:44:55 * (CONNECT_DATA=(SID=orcl)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.0.148)(PORT=39091)) * establish * orcl * 0
03-MAR-2013 23:44:55 * (CONNECT_DATA=(SID=orcl)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.0.148)(PORT=39092)) * establish * orcl * 0
03-MAR-2013 23:44:55 * (CONNECT_DATA=(SID=orcl)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.0.148)(PORT=39093)) * establish * orcl * 0
03-MAR-2013 23:44:55 * (CONNECT_DATA=(SID=orcl)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.0.148)(PORT=39095)) * establish * orcl * 0
03-MAR-2013 23:44:55 * (CONNECT_DATA=(SID=orcl)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.0.148)(PORT=39094)) * establish * orcl * 0
03-MAR-2013 23:44:55 * (CONNECT_DATA=(SID=orcl)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.0.148)(PORT=39088)) * establish * orcl * 0
03-MAR-2013 23:44:55 * (CONNECT_DATA=(SID=orcl)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.0.148)(PORT=39097)) * establish * orcl * 0
03-MAR-2013 23:44:55 * (CONNECT_DATA=(SID=orcl)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.0.148)(PORT=39096)) * establish * orcl * 0

So, the client 192.168.0.148 may enter a wrong pwd more than 5 times and make the account locked.

 

3. use user profile to solve this problem
SQL> show parameter resource_limit;

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
resource_limit                       boolean     FALSE
SQL> alter system set resource_limit=true;

System altered.


SQL> select username, b.* from dba_users a , dba_profiles b where a.profile=b.profile;

...

USERNAME                       PROFILE                        RESOURCE_NAME                    RESOURCE LIMIT
------------------------------ ------------------------------ -------------------------------- -------- ----------------------------------------
MYUSER1                         DEFAULT                        IDLE_TIME                        KERNEL   UNLIMITED
MYUSER1                         DEFAULT                        LOGICAL_READS_PER_CALL           KERNEL   UNLIMITED
MYUSER1                         DEFAULT                        LOGICAL_READS_PER_SESSION        KERNEL   UNLIMITED
MYUSER1                         DEFAULT                        CPU_PER_CALL                     KERNEL   UNLIMITED
MYUSER1                         DEFAULT                        CPU_PER_SESSION                  KERNEL   UNLIMITED
MYUSER1                         DEFAULT                        SESSIONS_PER_USER                KERNEL   UNLIMITED
MYUSER1                         DEFAULT                        COMPOSITE_LIMIT                  KERNEL   UNLIMITED
....

224 rows selected.

SQL> create profile cgs_limit_profile limit password_lock_time 0.0007;

Profile created.

SQL> alter user MYUSER1 profile cgs_limit_profile;

User altered.

SQL> select username, b.* from dba_users a , dba_profiles b where a.profile=b.profile;


USERNAME                       PROFILE                        RESOURCE_NAME                    RESOURCE LIMIT
------------------------------ ------------------------------ -------------------------------- -------- ----------------------------------------
MYUSER1                         CGS_LIMIT_PROFILE              PASSWORD_GRACE_TIME              PASSWORD DEFAULT
MYUSER1                         CGS_LIMIT_PROFILE              PASSWORD_LOCK_TIME               PASSWORD .0006
MYUSER1                         CGS_LIMIT_PROFILE              PASSWORD_VERIFY_FUNCTION         PASSWORD DEFAULT
MYUSER1                         CGS_LIMIT_PROFILE              PASSWORD_REUSE_MAX               PASSWORD DEFAULT
MYUSER1                         CGS_LIMIT_PROFILE              PASSWORD_REUSE_TIME              PASSWORD DEFAULT
MYUSER1                         CGS_LIMIT_PROFILE              PASSWORD_LIFE_TIME               PASSWORD DEFAULT
MYUSER1                         CGS_LIMIT_PROFILE              FAILED_LOGIN_ATTEMPTS            PASSWORD DEFAULT
MYUSER1                         CGS_LIMIT_PROFILE              PRIVATE_SGA                      KERNEL   DEFAULT
MYUSER1                         CGS_LIMIT_PROFILE              CONNECT_TIME                     KERNEL   DEFAULT

USERNAME                       PROFILE                        RESOURCE_NAME                    RESOURCE LIMIT
------------------------------ ------------------------------ -------------------------------- -------- ----------------------------------------
MYUSER1                         CGS_LIMIT_PROFILE              IDLE_TIME                        KERNEL   DEFAULT
MYUSER1                         CGS_LIMIT_PROFILE              LOGICAL_READS_PER_CALL           KERNEL   DEFAULT
MYUSER1                         CGS_LIMIT_PROFILE              LOGICAL_READS_PER_SESSION        KERNEL   DEFAULT
MYUSER1                         CGS_LIMIT_PROFILE              CPU_PER_CALL                     KERNEL   DEFAULT
MYUSER1                         CGS_LIMIT_PROFILE              CPU_PER_SESSION                  KERNEL   DEFAULT
MYUSER1                         CGS_LIMIT_PROFILE              SESSIONS_PER_USER                KERNEL   DEFAULT
MYUSER1                         CGS_LIMIT_PROFILE              COMPOSITE_LIMIT                  KERNEL   DEFAULT


posted @ 2013-03-05 14:02  lizmy  阅读(721)  评论(0编辑  收藏  举报