Tags: oracle-database, passwords, oracle12c, change-password

Is it possible to set a minimum period of validity of a user-password in Oracle Database?


We are using Oracle Database 12c (migrating to 19c in the next months) as the basis for an application. Currently I'm dealing with a general password guideline and how to implement the requirements of the guideline for the Oracle user passwords.

I know that I can write my own password verify function in the utlpwdmg.sql script to force a certain level of complexity of the password. I can also set the PASSWORD_LIFE_TIME and so on. But is it also possible to set a minimum time during which a password is not allowed to be changed (e.g. I have set my password, and in the next 24 hours I am not allowed to change my password again)? I can't find a resource which corresponds to this requirement.

Thank you very much!


Solution

  • Not directly, as far as I can tell.

    My Oracle Support document ID 2036008.1 suggests that we create our own function (let's call it password_minimum_age) which will check it.

    In short, you'd select ptime from sys.user$ for that particular username and compare it to sysdate; if you find out that it was changed too soon, raise an error.

    You'd then use that function to create profile, e.g.

    create profile password_age limit password_verify_function password_minimum_age;
    

    and alter user to use that profile:

    alter user scott profile password_age;
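
One way to write the function the answer describes, as an added example that is not part of the original answer and is not taken from the My Oracle Support note. The 24-hour limit, the error number and message, and the handling of a missing or NULL `ptime` are assumptions chosen for illustration.

```sql
-- Added example. Run as SYS: a password verify function must be owned by SYS.
-- Assumption: username is passed as stored in the data dictionary (sys.user$.name).
CREATE OR REPLACE FUNCTION password_minimum_age (
  username     VARCHAR2,
  password     VARCHAR2,
  old_password VARCHAR2
) RETURN BOOLEAN
IS
  -- Constructed value: 1 day, matching the 24-hour example in the question.
  c_min_age_days CONSTANT NUMBER := 1;
  l_ptime        DATE;
BEGIN
  -- ptime holds the time of the last password change for the account.
  BEGIN
    SELECT ptime
      INTO l_ptime
      FROM sys.user$
     WHERE name  = username
       AND type# = 1;          -- 1 = user, 0 = role
  EXCEPTION
    WHEN NO_DATA_FOUND THEN
      -- No dictionary row yet (e.g. the password is being set by CREATE USER):
      -- there is no previous change to compare against.
      l_ptime := NULL;
  END;

  -- DATE subtraction yields days; reject a change made before the minimum age.
  IF l_ptime IS NOT NULL AND SYSDATE - l_ptime < c_min_age_days THEN
    raise_application_error(
      -20001,
      'Password was last changed on '
        || TO_CHAR(l_ptime, 'YYYY-MM-DD HH24:MI:SS')
        || '; it cannot be changed again for '
        || TO_CHAR(c_min_age_days * 24) || ' hours after that.');
  END IF;

  RETURN TRUE;
END password_minimum_age;
/
```

A profile has only one PASSWORD_VERIFY_FUNCTION, so if complexity rules from utlpwdmg.sql are also required, the age check and the complexity check have to live in the same function.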