This discussion is archived
1 Reply Latest reply: Sep 10, 2013 6:55 AM by sb92075 RSS

DBA_AUDIT_SESSION and locked user.

SherrieK Newbie
Currently Being Moderated

Oracle 11.1.0.7

 

I have a user in our development environment that locks overnight.  The status is locked(timed) when I can catch it, meaning a bad password.

Its default profile had PASSWORD_LIFE_TIME as 1 (the default), so by the time I'd see it, the account was already unlocked. Also during the evening

hours another batch job accesses this user's data through a stored procedure over a dblink, encountering the account locked ORA-28000 status and

a failure.

I think what also may be happening is there is a successful logon, which then resets counting the attempts.

 

I'm trying to figure out where this bad password is coming from. I turned auditing on create session, but the records don't have much information for me to go on:

 

oracleGIS_DALserver.domainpts/19/10/2013 8:01:36 AMLOGON16832078280009/10/2013 8:01:36.461772 AM -04:00113435

 

The user has this profile:

COMPOSITE_LIMITUNLIMITED
SESSIONS_PER_USERUNLIMITED
CPU_PER_SESSIONUNLIMITED
CPU_PER_CALLUNLIMITED
LOGICAL_READS_PER_SESSIONUNLIMITED
LOGICAL_READS_PER_CALLUNLIMITED
IDLE_TIMEUNLIMITED
CONNECT_TIMEUNLIMITED
PRIVATE_SGAUNLIMITED
FAILED_LOGIN_ATTEMPTS3
PASSWORD_LIFE_TIMEUNLIMITED
PASSWORD_REUSE_TIMEUNLIMITED
PASSWORD_REUSE_MAXUNLIMITED
PASSWORD_VERIFY_FUNCTIONNULL
PASSWORD_LOCK_TIMEUNLIMITED
PASSWORD_GRACE_TIMEUNLIMITED

 

Is there another means to capture a failed login attempt in addition to auditing?

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points