989477f7a4
PowerShell scripts for setting up Oracle 21c/XE with ROA application: - Automated tablespace, user creation and imports - sqlnet.ora config for Instant Client 11g/ODBC compatibility - Oracle 21c read-only Home path handling (homes/OraDB21Home1) - Listener restart + 10G password verifier for legacy auth - Tested on VM 302 with CONTAFIN_ORACLE schema import Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
100 lines
2.9 KiB
SQL
100 lines
2.9 KiB
SQL
-- ============================================================================
|
|
-- PASSWORD PROFILE CONFIGURATION
|
|
-- ============================================================================
|
|
-- Configures DEFAULT profile for no password expiration
|
|
-- CRITICAL for ROA application compatibility
|
|
--
|
|
-- This script disables all password restrictions to prevent:
|
|
-- - Password expiration issues during long-running installations
|
|
-- - Account lockouts from failed login attempts
|
|
-- - Password reuse restrictions
|
|
--
|
|
-- WARNING: This reduces security. For production environments, consider
|
|
-- creating a custom profile with appropriate settings.
|
|
--
|
|
-- Usage:
|
|
-- @configure-profile.sql
|
|
--
|
|
-- Connect as: SYSDBA
|
|
-- ============================================================================
|
|
|
|
SET ECHO OFF
|
|
SET FEEDBACK ON
|
|
SET SERVEROUTPUT ON
|
|
WHENEVER SQLERROR CONTINUE
|
|
|
|
PROMPT
|
|
PROMPT ========================================
|
|
PROMPT Configuring Password Profile
|
|
PROMPT ========================================
|
|
PROMPT
|
|
|
|
-- Show current profile settings
|
|
PROMPT Current DEFAULT profile settings:
|
|
SELECT resource_name, limit
|
|
FROM dba_profiles
|
|
WHERE profile = 'DEFAULT'
|
|
AND resource_type = 'PASSWORD'
|
|
ORDER BY resource_name;
|
|
|
|
PROMPT
|
|
PROMPT Modifying DEFAULT profile for ROA compatibility...
|
|
PROMPT
|
|
|
|
-- Disable password expiration
|
|
ALTER PROFILE DEFAULT LIMIT
|
|
PASSWORD_LIFE_TIME UNLIMITED
|
|
PASSWORD_REUSE_TIME UNLIMITED
|
|
PASSWORD_REUSE_MAX UNLIMITED
|
|
PASSWORD_VERIFY_FUNCTION NULL
|
|
PASSWORD_LOCK_TIME UNLIMITED
|
|
PASSWORD_GRACE_TIME UNLIMITED
|
|
FAILED_LOGIN_ATTEMPTS UNLIMITED;
|
|
|
|
PROMPT
|
|
PROMPT ========================================
|
|
PROMPT Profile Configuration Complete
|
|
PROMPT ========================================
|
|
PROMPT
|
|
|
|
-- Verify new settings
|
|
PROMPT New DEFAULT profile settings:
|
|
SELECT resource_name, limit
|
|
FROM dba_profiles
|
|
WHERE profile = 'DEFAULT'
|
|
AND resource_type = 'PASSWORD'
|
|
ORDER BY resource_name;
|
|
|
|
PROMPT
|
|
PROMPT WARNING: Password restrictions have been disabled.
|
|
PROMPT For production environments, consider creating a custom
|
|
PROMPT profile with appropriate security settings.
|
|
PROMPT
|
|
|
|
-- Unlock any locked accounts (optional)
|
|
PROMPT
|
|
PROMPT Unlocking ROA-related accounts if locked...
|
|
DECLARE
|
|
v_sql VARCHAR2(200);
|
|
BEGIN
|
|
FOR rec IN (SELECT username FROM dba_users
|
|
WHERE account_status LIKE '%LOCKED%'
|
|
AND username IN ('CONTAFIN_ORACLE', 'SYSTEM')) LOOP
|
|
v_sql := 'ALTER USER ' || rec.username || ' ACCOUNT UNLOCK';
|
|
EXECUTE IMMEDIATE v_sql;
|
|
DBMS_OUTPUT.PUT_LINE('Unlocked user: ' || rec.username);
|
|
END LOOP;
|
|
END;
|
|
/
|
|
|
|
-- Reset expired passwords (optional - requires manual password)
|
|
PROMPT
|
|
PROMPT If any accounts show EXPIRED status, reset their passwords:
|
|
SELECT username, account_status
|
|
FROM dba_users
|
|
WHERE username IN ('CONTAFIN_ORACLE', 'SYSTEM', 'SYS')
|
|
OR username LIKE 'FIRMA%'
|
|
OR username LIKE 'TEST%';
|
|
|
|
PROMPT
|