zoukankan      html  css  js  c++  java
  • Oracle不知道用户密码情况下,如何在不更改密码的前提下解锁用户或者延期密码有效期

    1.问题描述:

    生产环境,zabbix告警业务用户密码即将过期,但是如何不知道业务用户密码的情况下来解决该问题?

    2.实验一:

    1)创建新的用户test,并授予test resource角色和connect权限,并测试连接test用户

    SYS@PROD4 >create user test identified by test;

    User created.

    SYS@PROD4 >grant resource to test;

    Grant succeeded.

    SYS@PROD4 >grant connect to test;

    Grant succeeded.

    SYS@PROD4 >conn test/test;
    Connected.

    2)查看test用户的状态(open),

    TEST@PROD4 >conn / as sysdba
    Connected.


    SYS@PROD4 >set linesize 200 pagesize 200
    SYS@PROD4 >col username for a10
    SYS@PROD4 >select username,password,account_status,lock_date,expiry_date,created,password_versions from dba_users where username='SCOTT';              

    USERNAME   PASSWORD              ACCOUNT_STATUS           LOCK_DATE EXPIRY_DA CREATED     PASSWORD
    ---------- ---   --------------------------- -------------------------------- --------- --------- --------- --------
    TEST                                                   OPEN                                20-AUG-20 22-FEB-20  10G 11G

    3)锁定test用户,并验证
    SYS@PROD4 >alter user test account lock;

    User altered.

    SYS@PROD4 >select username,password,account_status,lock_date,expiry_date,created,password_versions from dba_users where username='TEST';

    USERNAME   PASSWORD              ACCOUNT_STATUS           LOCK_DATE EXPIRY_DA CREATED     PASSWORD
    ---------- ------------------------------ -------------------------------- --------- --------- --------- --------
    TEST                      LOCKED               22-FEB-20 20-AUG-20 22-FEB-20 10G 11G

    SYS@PROD4 >conn test/test;
    ERROR:
    ORA-28000: the account is locked


    Warning: You are no longer connected to ORACLE.
    @ >conn / as sysdba
    Connected.

    4)查看ora 28000报错
    SYS@PROD4 >!oerr ora 28000
    28000, 00000, "the account is locked"
    // *Cause:   The user has entered wrong password consequently for maximum
    //           number of times specified by the user's profile parameter
    //           FAILED_LOGIN_ATTEMPTS, or the DBA has locked the account
    // *Action:  Wait for PASSWORD_LOCK_TIME or contact DBA

    5)查看test用户的密码在user$中的hash值
    SYS@PROD4 >select name,password from user$ where name='TEST';

    NAME                   PASSWORD
    ------------------------------ ------------------------------
    TEST                   7A0F2B316C212D67

    5)利用该hash值解锁scott用户
    SYS@PROD4 >alter user test identified by values '7A0F2B316C212D67' account unlock;

    User altered.

    6)用原密码测试连接scott用户
    SYS@PROD4 >conn test/test;
    Connected.
    TEST@PROD4 >show user;
    USER is "TEST"

    结论:在不知道用户密码的情况下,可以通过查询用户密码的hash值,在不更改密码的情况下解锁用户

    测试二:

    1)查看scott用户密码的hash值
    TEST@PROD4 >conn / as sysdba
    Connected.
    SYS@PROD4 >select name,password from user$ where name='SCOTT';

    NAME                   PASSWORD
    ------------------------------ ------------------------------
    SCOTT                   F894844C34402B67

    2)查看scott用户的过期时间
    SYS@PROD4 >set linesize 200 pagesize 200
    SYS@PROD4 >select username,password,account_status,lock_date,expiry_date,created,password_versions from dba_users where username='SCOTT';

    USERNAME   PASSWORD              ACCOUNT_STATUS           LOCK_DATE EXPIRY_DA CREATED     PASSWORD
    ---------- ------------------------------ -------------------------------- --------- --------- --------- --------
    SCOTT                      OPEN                         07-AUG-20 18-SEP-11 10G 11G

    3)利用scott用户密码的hash值重置用户的过期时间

    SYS@PROD4 >alter user SCOTT identified by values 'F894844C34402B67';

    User altered.

    4)查看scott用户的密码过期时间(发现已经被重置)
    SYS@PROD4 >select username,password,account_status,lock_date,expiry_date,created,password_versions from dba_users where username='SCOTT';

    USERNAME   PASSWORD              ACCOUNT_STATUS           LOCK_DATE EXPIRY_DA CREATED     PASSWORD
    ---------- ------------------------------ -------------------------------- --------- --------- --------- --------
    SCOTT                      OPEN                         20-AUG-20 18-SEP-11 10G

    5)验证scott用户用原密码是否可登陆
    @ >conn scott/tiger;
    Connected.
    SCOTT@PROD4 >show user;
    USER is "SCOTT"

    结论:可以在不知道用户密码的情况下,重置用户密码有效期

  • 相关阅读:
    Overloaded的方法是否可以改变返回值的类型
    parseXXX的用法
    java的类型转换问题。int a = 123456;short b = (short)a;System.out.println(b);为什么结果是-7616?
    UVA 10405 Longest Common Subsequence(简单DP)
    POJ 1001 Exponentiation(大数处理)
    POJ 2318 TOYS(计算几何)(二分)
    POJ 1265 Area (计算几何)(Pick定理)
    POJ 3371 Flesch Reading Ease (模拟题)
    POJ 3687 Labeling Balls(拓扑序列)
    POJ 1094 Sorting It All Out(拓扑序列)
  • 原文地址:https://www.cnblogs.com/gw666/p/12344888.html
Copyright © 2011-2022 走看看