1. Maintenance Guide
  2. General Maintenance Information
  3. Configuring Password Expiration for Users Accessing the Server Remotely

1.11 Configuring Password Expiration for Users Accessing the Server Remotely

You can configure DBSERVER attributes to expire user passwords.

In Oracle Exadata System Software release 19.1.0, there are new DBSERVER attributes for configuring password security for users that access Oracle Exadata System Software servers remotely, such as with REST API or ExaCLI. These attributes determine if the user is able to change the password remotely, the amount of time before a user password expires, and the number of days prior to password expiration that the user receives warning messages. In the default configuration, user passwords do not expire.

Note:

The DBSERVER attributes for password expiration apply only to users created with Oracle Exadata System Software. Password expiration applies only to users that are displayed with the LIST USER command and does not apply to operating system users like dbmadmin or oracle.
  • To allow the user to change the password remotely, use the ALTER DBSERVER command to set the remotePwdChangeAllowed attribute to true.
    If you set the value to false, then the user receives a message indicating that they must contact the server administrator to have their password changed. 
    DBMCLI> ALTER DBSERVER remotePwdChangeAllowed=true
  • To change the length of time before a user password expires, use the ALTER DBSERVER command to modify the pwdExpInDays attribute.
    Set the value n to the number of days before the password expires. If pwdExpInDays is set to 0 (the default value), then the user password does not expire. 
    DBMCLI> ALTER DBSERVER pwdExpInDays=n
  • To configure the length of the warning period before the password expires, use the ALTER DBSERVER command to modify the pwdExpWarnInDays attribute.
    Set the value n to the number of days to warn the user before the password expires. The default user account password expiration warning time is 7 days. 
    DBMCLI> ALTER DBSERVER pwdExpWarnInDays=n
  • To specify the length of time before a user account is locked after the user password expires, use the ALTER DBSERVER command to modify the accountLockInDays attribute.
    Set the value n to the number of days before the user account is locked. The default user account lock time is 7 days. 
    DBMCLI> ALTER DBSERVER accountLockInDays=n

Parent topic: General Maintenance Information