今天看到技术群有人提出一个疑问:为应对安全审计,把PASSWORD_LIFE_TIME参数由值 UNLIMITED 改为值 90 ,然后再改回去是否对用户有影响。
我也很好奇,于是做了个小实验,记录一下:
1.查询服务器当前时间:
[root@ol719c ~]# date
Tue Apr 15 10:59:55 CST 2025
2.创建测试用户
SQL> create user c##cs identified by cs;
User created.
SQL> grant resource,connect to c##cs;
Grant succeeded.
3.修改PASSWORD_LIFE_TIME参数
SQL> Alter PROFILE DEFAULT limit PASSWORD_LIFE_TIME 10;
Profile altered.
#查询修改是否生效
SQL> select lock_date,expiry_date from dba_users where username='C##CS' ;
LOCK_DATE EXPIRY_DA--------- ---------
25-APR-25
#结果显示10天后密码过期
4.还原PASSWORD_LIFE_TIME参数
SQL> Alter PROFILE DEFAULT LIMIT PASSWORD_LIFE_TIME UNLIMITED;
Profile altered.
#再次查询用户信息过期时间为空
SQL> select lock_date,expiry_date from dba_users where username='C##CS';
LOCK_DATE EXPIRY_DA
--------- ---------
5.修改系统时间为过期时间之后
[root@ol719c ~]# date -s '2025-5-9'
Fri May 9 00:00:00 CST 2025
[root@ol719c ~]# dateFri May 9 00:00:01 CST 2025
6.登录验证
[oracle@ol719c ~]$ sqlplus c##cs/cs
SQL*Plus: Release 19.0.0.0.0 - Production on Fri May 9 00:01:07 2025
Version 19.3.0.0.0
Copyright (c) 1982, 2019, Oracle. All rights reserved.
Last Successful login time: Tue Apr 15 2025 11:02:33 +08:00
Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.3.0.0.0
SQL>
#验证结果登录正常,对于用户无影响
7.改回当前正确时间,实验结束
