7 comments on “PASSWORD_REUSE_TIME and PASSWORD_REUSE_MAX

i found this with oracle 11.2.0.1 for linux , i didn’t know this is an old bug.
thx for sharing

Simple Explanation –

PASSWORD_REUSE_TIME and PASSWORD_REUSE_MAX

These two parameters must be set in conjunction with each other. PASSWORD_REUSE_TIME specifies the number of days before which a password cannot be reused. PASSWORD_REUSE_MAX specifies the number of password changes required before the current password can be reused. For these parameter to have any effect, you must specify an integer for both of them.

Source – Oracle Docs.[c[color=black][/color]olor=olive][/color]

Why do repeat the Oracle Doc’s which is already in the text? The problem is OEM related. You should read the whole text. Thank you.

Thanks. I thought I going crazy.

If you want to have the effect of setting a limit on the number of reused passwords but not on how long ago the old one was reused, you can set password_reuse_time to as close to 0 as possible. I find that the smallest is 1/172800, regardless Oracle version. That’s half a second. Obviously, if you or a program wants to cycle through 4 passwords in 0.5 seconds, the restriction imposed by password_reuse_time still takes effect.

If both PASSWORD_REUSE_TIME and PASSWORD_REUSE_MAX are set to UNLIMITED, then Oracle uses neither of these password resources.
* If PASSWORD_REUSE_MAX is set to an integer value, PASSWORD_REUSE_TIME must be set to UNLIMITED.

Hi Johannes,

Thanks for your blog on PASSWORD_REUSE_TIME and PASSWORD_REUSE_MAX which is very informative but looks like they don’t check case of password character:
e.g. PASSWORD_REUSE_MAX 4 , PASSWORD_REUSE_TIME 360 and have password verification function to check upper and lower case in password.

SQL> ALTER USER power_user IDENTIFIED BY Hoppyhaliday$2;

User altered.

SQL> ALTER USER power_user IDENTIFIED BY hoppyhaliday$2;
ALTER USER power_user IDENTIFIED BY hoppyhaliday$2
*
ERROR at line 1:
ORA-28007: the password cannot be reused

In above password first char is in lower case which makes both password different so in this case, error should be “Password must contain at least one uppercase letter” instead of “the password cannot be reused”. It shows these parameters do not check upper or lower case in password.

Leave a Reply

Your email address will not be published.

What can CarajanDB do for you?