Password expire
Job details
| Name: | Password expire |
| Platform: | Oracle |
| Category: | Availability |
| Description: | Checks for users whose password will soon expire. |
| Long description: | Task checks for users whose password will soon expire. |
| Version: | 3.3 |
| Default schedule: | 0 10 * * |
| Requires engine install: | Yes |
| Compatibility tag: | .[type=‘instance’ & databasetype=‘oracle’]/.[hasengine=‘YES’ & _priv_read_dba_users = ‘1′ ] |
Parameters
| Name | Default value | Description |
|---|---|---|
| Days to warning | 30 | Send a warning if less than this about of days to expire |
| Days to alarm | 7 | Send an alarm if less than this about of days to expire |
| Disable warnings | NO | Enables/disables warnings. YES or NO values |
| Disable alarms | NO | Enables/disables alarms. YES or NO values |
| Keep history for | 180 | Days to keep history |
| exclude users | Name(s) of user(s) which should be excluded (separated by comma). |
Job Summary
- Purpose: The purpose of this job is to monitor Oracle database users to detect when passwords are close to expiring and execute necessary alerts or warnings based on configurable thresholds.
- Why: This job is important to ensure that user accounts remain accessible and secure. Prompt notifications allow for timely password updates, preventing potential disruptions or security vulnerabilities due to expired passwords.
- Manual checking: You can check this manually in the Oracle database by issuing the following SQL commands:
select username, expiry_date, account_status from dba_users where account_status in ('OPEN', 'EXPIRED(GRACE)', 'LOCKED(TIMED)') order by account_status, expiry_date, username;Core Functionality
The main implementation of this job involves a procedural script which performs several checks and actions:
- Checking user passwords against warning and alarm thresholds for upcoming expiration.
- Inserting records into a ‘dbw_pwd_expire_history’ table for users who are nearing password expiration.
- Updating the status and returning relevant messages based on the password expiration conditions found.
Job Dependency and Lifecycle Management
- Dependencies: This job is self-reliant but also logs histories into a specialized table ‘dbw_pwd_expire_history’.
- Cleanup: On failure, cleanup activities are triggered to rollback changes for a clean slate.
Reporting
- Title: “Password Expire”
- Description: This report provides a comprehensive outline of user statuses concerning their password expiration within the Oracle database environment.
- Execution: The report is scheduled to run hourly, offering up-to-date information.
Report Outputs
| Username | Date when the password will expire | Current account status |
|---|---|---|
| User1 | 2023-07-10 | OPEN |
| User2 | 2023-07-05 | EXPIRED |
| User3 | 2023-06-30 | LOCKED |
This outlined table will reflect real-time data as fetched by the job based on the latest checks against the user password statuses.
Implementation Details
This task is automated via procedural scripts which:
- Dynamically check user statuses.
- Perform insertions into history tables for tracking.
- Alert administrators through configured thresholds either via warnings or alarm system notifications.
The script handles various cases efficiently, adapting to database values and conditions set forth through the configurations, ensuring that the database remains compliant with security protocols pertaining to user authentication.