Oracle password profile security

Oracle password profile security 

create profile all_users limit
   PASSWORD_LIFE_TIME 365
   PASSWORD_GRACE_TIME 10
   PASSWORD_REUSE_TIME UNLIMITED
   PASSWORD_REUSE_MAX 0
   FAILED_LOGIN_ATTEMPTS 3
   PASSWORD_LOCK_TIME UNLIMITED;

Oracle password security profile parameters

Here are the password security parameters:

• failed_login_attempts - This is the number of failed login attempts before locking the Oracle user account. The default in 11g is 10 failed attempts.
   
• password_grace_time - This is the grace period after the password_life_time limit is exceeded.
   
• password_life_time - This is how long an existing password is valid. The default in 11g forces a password change every 180 days.
   
• password_lock_time - This is the number of days  that must pass after an account is locked before it is unlocked.  It specifies how long to lock the account after the failed login attempts is met. The default in 11g is one day.
   
• password_reuse_max - This is the number of times that you may reuse a password and is intended to prevent repeating password cycles (north, south, east, west).
   
• password_reuse_time - This parameter specifies a time limit before a previous password can be re-entered. To allow unlimited use of previously used passwords, set password_reuse_time to UNLIMITED.
   
• password_verify_function - This allows you to specify the name of a custom password verification function.

Dropping Profile

Profiles no longer required can be dropped with the DROP PROFILE command.

• The DEFAULT profile cannot be dropped.
• The CASCADE clause revokes the profile from any user account to which it was assigned – the CASCADE clause MUST BE USED if the profile has been assigned to any user account.

SQL> DROP PROFILE accountant;

ERROR at line 1:
ORA-02382: profile ACCOUNTANT has users assigned, cannot drop without CASCADE

SQL> DROP PROFILE accountant CASCADE;