Why does the PASSWORD_LIFE_TIME not take effect when a user with a profile is inactive and not signed in for a longer period that the value?
(Doc ID 2669982.1)
Last updated on MAY 13, 2020
Applies to:Oracle Database - Enterprise Edition - Version 188.8.131.52 and later
Information in this document applies to any platform.
Why does an inactive user account never expire even after a long period of not signing in, and one that exceeds the PASSWORD_LIFE_TIME?
For example, you may have the following set up:
If we now connect every day with user1, on the 8th day we get the "ORA-28002: the password will expire within 4 days"
However, if we do not connect at all with user2 for several weeks (or even longer), there is no expiration.
Only when the user2 eventually connects, will they then get the "ORA-28002: the password will expire within 4 days"
This therefore, adds up to far more time for a password's life than we have expected or wanted.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document