How do I configure the Oracle database user lockout threshold?

Purpose

As a security precaution, you can configure the number of consecutive Oracle database user login failures that are tolerated before the user account is locked.

If the Oracle database user account is locked because of too many login failures, you can unlock the account by performing How do I unlock the Oracle database user account?.

Note: In a redundant deployment, you perform the procedure on the primary database station. After you perform the procedure, the primary database automatically copies the configuration change to the standby database.

The configuration change that you make in this procedure is not affected by a subsequent database upgrade.

Steps
 

Log in to the main database station as the Oracle management user or the NSP admin user.

Note: The Oracle management user name is specified during database installation; the default is ‘oracle’.


Open a console window.


Enter the following:

Note: If you are logged in as the NSP admin user, you must use sudo to run the command in this step as shown in the following:

sudo -u oracle path/command

bash$ /opt/nsp/nfmp/db/install/config/samdb/SAMDb_security.sh ↵

The following prompt is displayed:

Please select one of the following options:

    1) Setting failed login attempts

    2) Unlock database user

    0) Exit

   Please enter(1,2 or 0):


Enter 1 ↵.

The following prompt is displayed:

Please select one of the following options:

   1) Setting the number of failed login attempts

   2) Remove the number of failed login attempts setting (no checking)

   0) Exit

   Please enter(1,2 or 0):


To specify the allowed number of login failures, perform the following steps.

  1. Enter 1 ↵.

    The following prompt is displayed:

    This value will be used for setting the number of failed login attempts before locking the database user account.

    Please enter value for number of failed login attempts(20 to 1000) (30):

  2. Specify a value between 20 and 1000 and press ↵.

    The following messages are displayed:

    About to change the Oracle database user settings

    Completed changing the Oracle database user settings

  3. Go to Step 7 .


To disable checking for failed login attempts, enter 2 ↵.

The following messages are displayed, and the NFM-P no longer locks the Oracle database user account after multiple login failures.

About to change the Oracle database user settings

Completed changing the Oracle database user settings


Close the console window.

End of steps