1 Reply Latest reply: Sep 10, 2013 8:55 AM by sb92075 RSS

    DBA_AUDIT_SESSION and locked user.

    SherrieK

      Oracle 11.1.0.7

       

      I have a user in our development environment that locks overnight.  The status is locked(timed) when I can catch it, meaning a bad password.

      Its default profile had PASSWORD_LIFE_TIME as 1 (the default), so by the time I'd see it, the account was already unlocked. Also during the evening

      hours another batch job accesses this user's data through a stored procedure over a dblink, encountering the account locked ORA-28000 status and

      a failure.

      I think what also may be happening is there is a successful logon, which then resets counting the attempts.

       

      I'm trying to figure out where this bad password is coming from. I turned auditing on create session, but the records don't have much information for me to go on:

       

      oracleGIS_DALserver.domainpts/19/10/2013 8:01:36 AMLOGON16832078280009/10/2013 8:01:36.461772 AM -04:00113435

       

      The user has this profile:

      COMPOSITE_LIMITUNLIMITED
      SESSIONS_PER_USERUNLIMITED
      CPU_PER_SESSIONUNLIMITED
      CPU_PER_CALLUNLIMITED
      LOGICAL_READS_PER_SESSIONUNLIMITED
      LOGICAL_READS_PER_CALLUNLIMITED
      IDLE_TIMEUNLIMITED
      CONNECT_TIMEUNLIMITED
      PRIVATE_SGAUNLIMITED
      FAILED_LOGIN_ATTEMPTS3
      PASSWORD_LIFE_TIMEUNLIMITED
      PASSWORD_REUSE_TIMEUNLIMITED
      PASSWORD_REUSE_MAXUNLIMITED
      PASSWORD_VERIFY_FUNCTIONNULL
      PASSWORD_LOCK_TIMEUNLIMITED
      PASSWORD_GRACE_TIMEUNLIMITED

       

      Is there another means to capture a failed login attempt in addition to auditing?