{"id":15388,"date":"2020-12-10T12:14:39","date_gmt":"2020-12-10T11:14:39","guid":{"rendered":"https:\/\/www.dbi-services.com\/blog\/oracle-21c-security-gradual-database-password-rollover\/"},"modified":"2023-06-20T10:11:08","modified_gmt":"2023-06-20T08:11:08","slug":"oracle-21c-security-gradual-database-password-rollover","status":"publish","type":"post","link":"https:\/\/www.dbi-services.com\/blog\/oracle-21c-security-gradual-database-password-rollover\/","title":{"rendered":"Oracle 21c Security : Gradual Database Password Rollover"},"content":{"rendered":"<p><strong>By Mouhamadou Diaw<\/strong><\/p>\n<p>Starting with Oracle 21c, a password of an application can be changed without having to schedule a downtime. This can be done by using the new profile parameter PASSWORD_ROLLOVER_TIME<br \/>\nThis will set a rollover period of time where the application can log in using either the old password or the new password. With this enhancement, an administrator does not need any more to take the application down when the application database password is being rotated.<br \/>\nLet see in this blog how this works<\/p>\n<div>\n<div id=\"highlighter_614026\" class=\"syntaxhighlighter  sql\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<div class=\"line number2 index1 alt1\">2<\/div>\n<div class=\"line number3 index2 alt2\">3<\/div>\n<div class=\"line number4 index3 alt1\">4<\/div>\n<div class=\"line number5 index4 alt2\">5<\/div>\n<div class=\"line number6 index5 alt1\">6<\/div>\n<div class=\"line number7 index6 alt2\">7<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"sql plain\">SQL&gt; show pdbs<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"sql spaces\">\u00a0\u00a0\u00a0\u00a0<\/code><code class=\"sql plain\">CON_ID CON_NAME\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/code><code class=\"sql keyword\">OPEN<\/code> <code class=\"sql plain\">MODE\u00a0 RESTRICTED<\/code><\/div>\n<div class=\"line number4 index3 alt1\"><code class=\"sql comments\">---------- ------------------------------ ---------- ----------<\/code><\/div>\n<div class=\"line number5 index4 alt2\"><code class=\"sql spaces\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code><code class=\"sql plain\">2 PDB$SEED\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/code><code class=\"sql keyword\">READ<\/code> <code class=\"sql keyword\">ONLY<\/code>\u00a0 <code class=\"sql keyword\">NO<\/code><\/div>\n<div class=\"line number6 index5 alt1\"><code class=\"sql spaces\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code><code class=\"sql plain\">3 PDB1\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/code><code class=\"sql keyword\">READ<\/code> <code class=\"sql plain\">WRITE <\/code><code class=\"sql keyword\">NO<\/code><\/div>\n<div class=\"line number7 index6 alt2\"><code class=\"sql plain\">SQL&gt;<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>First we create a profile in PDB1<\/p>\n<div>\n<div id=\"highlighter_254182\" class=\"syntaxhighlighter  sql\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<div class=\"line number2 index1 alt1\">2<\/div>\n<div class=\"line number3 index2 alt2\">3<\/div>\n<div class=\"line number4 index3 alt1\">4<\/div>\n<div class=\"line number5 index4 alt2\">5<\/div>\n<div class=\"line number6 index5 alt1\">6<\/div>\n<div class=\"line number7 index6 alt2\">7<\/div>\n<div class=\"line number8 index7 alt1\">8<\/div>\n<div class=\"line number9 index8 alt2\">9<\/div>\n<div class=\"line number10 index9 alt1\">10<\/div>\n<div class=\"line number11 index10 alt2\">11<\/div>\n<div class=\"line number12 index11 alt1\">12<\/div>\n<div class=\"line number13 index12 alt2\">13<\/div>\n<div class=\"line number14 index13 alt1\">14<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"sql plain\">SQL&gt; show con_name;<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"sql plain\">CON_NAME<\/code><\/div>\n<div class=\"line number4 index3 alt1\"><code class=\"sql comments\">------------------------------<\/code><\/div>\n<div class=\"line number5 index4 alt2\"><code class=\"sql plain\">PDB1<\/code><\/div>\n<div class=\"line number6 index5 alt1\"><\/div>\n<div class=\"line number7 index6 alt2\"><\/div>\n<div class=\"line number8 index7 alt1\"><code class=\"sql plain\">SQL&gt; <\/code><code class=\"sql keyword\">CREATE<\/code> <code class=\"sql plain\">PROFILE testgradualrollover LIMIT<\/code><\/div>\n<div class=\"line number9 index8 alt2\"><code class=\"sql spaces\">\u00a0<\/code><code class=\"sql plain\">FAILED_LOGIN_ATTEMPTS 4<\/code><\/div>\n<div class=\"line number10 index9 alt1\"><code class=\"sql spaces\">\u00a0<\/code><code class=\"sql plain\">PASSWORD_ROLLOVER_TIME 4;\u00a0 <\/code><\/div>\n<div class=\"line number11 index10 alt2\"><\/div>\n<div class=\"line number12 index11 alt1\"><code class=\"sql plain\">Profile created.<\/code><\/div>\n<div class=\"line number13 index12 alt2\"><\/div>\n<div class=\"line number14 index13 alt1\"><code class=\"sql plain\">SQL&gt;<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>Note that the parameter PASSWORD_ROLLOVER_TIME is specified in days. For example, 1\/24 means 1H.<br \/>\nThe minimum value for this parameter is 1h and the maximum value is 60 days or the lower value of the PASSWORD_LIFE_TIME or PASSWORD_GRACE_TIME parameter.<br \/>\nNow let\u2019s create a new user in PDB1 and let\u2019s assign him the profile we created<\/p>\n<div>\n<div id=\"highlighter_486945\" class=\"syntaxhighlighter  sql\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<div class=\"line number2 index1 alt1\">2<\/div>\n<div class=\"line number3 index2 alt2\">3<\/div>\n<div class=\"line number4 index3 alt1\">4<\/div>\n<div class=\"line number5 index4 alt2\">5<\/div>\n<div class=\"line number6 index5 alt1\">6<\/div>\n<div class=\"line number7 index6 alt2\">7<\/div>\n<div class=\"line number8 index7 alt1\">8<\/div>\n<div class=\"line number9 index8 alt2\">9<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"sql plain\">SQL&gt; <\/code><code class=\"sql keyword\">create<\/code> <code class=\"sql color2\">user<\/code> <code class=\"sql plain\">edge identified <\/code><code class=\"sql keyword\">by<\/code> <code class=\"sql string\">\"Borftg8957##\"<\/code>\u00a0 <code class=\"sql plain\">profile testgradualrollover;<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"sql color2\">User<\/code> <code class=\"sql plain\">created.<\/code><\/div>\n<div class=\"line number4 index3 alt1\"><\/div>\n<div class=\"line number5 index4 alt2\"><code class=\"sql plain\">SQL&gt; <\/code><code class=\"sql keyword\">grant<\/code> <code class=\"sql keyword\">create<\/code> <code class=\"sql plain\">session <\/code><code class=\"sql keyword\">to<\/code> <code class=\"sql plain\">edge;<\/code><\/div>\n<div class=\"line number6 index5 alt1\"><\/div>\n<div class=\"line number7 index6 alt2\"><code class=\"sql keyword\">Grant<\/code> <code class=\"sql plain\">succeeded.<\/code><\/div>\n<div class=\"line number8 index7 alt1\"><\/div>\n<div class=\"line number9 index8 alt2\"><code class=\"sql plain\">SQL&gt;<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>We can also verify the status of the account in the PDB<\/p>\n<div>\n<div id=\"highlighter_573330\" class=\"syntaxhighlighter  sql\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<div class=\"line number2 index1 alt1\">2<\/div>\n<div class=\"line number3 index2 alt2\">3<\/div>\n<div class=\"line number4 index3 alt1\">4<\/div>\n<div class=\"line number5 index4 alt2\">5<\/div>\n<div class=\"line number6 index5 alt1\">6<\/div>\n<div class=\"line number7 index6 alt2\">7<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"sql plain\">SQL&gt;\u00a0 <\/code><code class=\"sql keyword\">select<\/code> <code class=\"sql plain\">username,account_status <\/code><code class=\"sql keyword\">from<\/code> <code class=\"sql plain\">dba_users <\/code><code class=\"sql keyword\">where<\/code> <code class=\"sql plain\">username=<\/code><code class=\"sql string\">'EDGE'<\/code><code class=\"sql plain\">;<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"sql plain\">USERNAME\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ACCOUNT_STATUS<\/code><\/div>\n<div class=\"line number4 index3 alt1\"><code class=\"sql comments\">-------------------- --------------------<\/code><\/div>\n<div class=\"line number5 index4 alt2\"><code class=\"sql plain\">EDGE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/code><code class=\"sql keyword\">OPEN<\/code><\/div>\n<div class=\"line number6 index5 alt1\"><\/div>\n<div class=\"line number7 index6 alt2\"><code class=\"sql plain\">SQL&gt;<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>Now let\u2019s log with new user<\/p>\n<div>\n<div id=\"highlighter_548597\" class=\"syntaxhighlighter  sql\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<div class=\"line number2 index1 alt1\">2<\/div>\n<div class=\"line number3 index2 alt2\">3<\/div>\n<div class=\"line number4 index3 alt1\">4<\/div>\n<div class=\"line number5 index4 alt2\">5<\/div>\n<div class=\"line number6 index5 alt1\">6<\/div>\n<div class=\"line number7 index6 alt2\">7<\/div>\n<div class=\"line number8 index7 alt1\">8<\/div>\n<div class=\"line number9 index8 alt2\">9<\/div>\n<div class=\"line number10 index9 alt1\">10<\/div>\n<div class=\"line number11 index10 alt2\">11<\/div>\n<div class=\"line number12 index11 alt1\">12<\/div>\n<div class=\"line number13 index12 alt2\">13<\/div>\n<div class=\"line number14 index13 alt1\">14<\/div>\n<div class=\"line number15 index14 alt2\">15<\/div>\n<div class=\"line number16 index15 alt1\">16<\/div>\n<div class=\"line number17 index16 alt2\">17<\/div>\n<div class=\"line number18 index17 alt1\">18<\/div>\n<div class=\"line number19 index18 alt2\">19<\/div>\n<div class=\"line number20 index19 alt1\">20<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"sql plain\">[oracle@oraadserver admin]$ sqlplus edge\/<\/code><code class=\"sql string\">\"Borftg8957##\"<\/code><code class=\"sql plain\">@pdb1<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"sql plain\">SQL*Plus: Release 21.0.0.0.0 - Production <\/code><code class=\"sql keyword\">on<\/code> <code class=\"sql plain\">Thu <\/code><code class=\"sql keyword\">Dec<\/code> <code class=\"sql plain\">10 11:14:07 2020<\/code><\/div>\n<div class=\"line number4 index3 alt1\"><code class=\"sql plain\">Version 21.1.0.0.0<\/code><\/div>\n<div class=\"line number5 index4 alt2\"><\/div>\n<div class=\"line number6 index5 alt1\"><code class=\"sql plain\">Copyright (c) 1982, 2020, Oracle.\u00a0 <\/code><code class=\"sql color1\">All<\/code> <code class=\"sql plain\">rights reserved.<\/code><\/div>\n<div class=\"line number7 index6 alt2\"><\/div>\n<div class=\"line number8 index7 alt1\"><\/div>\n<div class=\"line number9 index8 alt2\"><code class=\"sql plain\">Connected <\/code><code class=\"sql keyword\">to<\/code><code class=\"sql plain\">:<\/code><\/div>\n<div class=\"line number10 index9 alt1\"><code class=\"sql plain\">Oracle <\/code><code class=\"sql keyword\">Database<\/code> <code class=\"sql plain\">21c Enterprise Edition Release 21.0.0.0.0 - Production<\/code><\/div>\n<div class=\"line number11 index10 alt2\"><code class=\"sql plain\">Version 21.1.0.0.0<\/code><\/div>\n<div class=\"line number12 index11 alt1\"><\/div>\n<div class=\"line number13 index12 alt2\"><code class=\"sql plain\">SQL&gt; show con_name;<\/code><\/div>\n<div class=\"line number14 index13 alt1\"><\/div>\n<div class=\"line number15 index14 alt2\"><code class=\"sql plain\">CON_NAME<\/code><\/div>\n<div class=\"line number16 index15 alt1\"><code class=\"sql comments\">------------------------------<\/code><\/div>\n<div class=\"line number17 index16 alt2\"><code class=\"sql plain\">PDB1<\/code><\/div>\n<div class=\"line number18 index17 alt1\"><code class=\"sql plain\">SQL&gt; show <\/code><code class=\"sql color2\">user<\/code><code class=\"sql plain\">;<\/code><\/div>\n<div class=\"line number19 index18 alt2\"><code class=\"sql color2\">USER<\/code> <code class=\"sql keyword\">is<\/code> <code class=\"sql string\">\"EDGE\"<\/code><\/div>\n<div class=\"line number20 index19 alt1\"><code class=\"sql plain\">SQL&gt;<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>Now let\u2019s change the password of the user edge<\/p>\n<div>\n<div id=\"highlighter_573099\" class=\"syntaxhighlighter  sql\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<div class=\"line number2 index1 alt1\">2<\/div>\n<div class=\"line number3 index2 alt2\">3<\/div>\n<div class=\"line number4 index3 alt1\">4<\/div>\n<div class=\"line number5 index4 alt2\">5<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"sql plain\">SQL&gt; <\/code><code class=\"sql keyword\">alter<\/code> <code class=\"sql color2\">user<\/code> <code class=\"sql plain\">edge identified <\/code><code class=\"sql keyword\">by<\/code> <code class=\"sql string\">\"Morfgt5879!!\"<\/code><code class=\"sql plain\">;<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"sql color2\">User<\/code> <code class=\"sql plain\">altered.<\/code><\/div>\n<div class=\"line number4 index3 alt1\"><\/div>\n<div class=\"line number5 index4 alt2\"><code class=\"sql plain\">SQL&gt;<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>As the rollover period is set to 4 days in the profile testgradualrollover, the user edge should be able to connect during 4 days with either the old password or the new one.<br \/>\nLet\u2019s test with the old password<\/p>\n<div>\n<div id=\"highlighter_552478\" class=\"syntaxhighlighter  sql\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2 highlighted\">1<\/div>\n<div class=\"line number2 index1 alt1\">2<\/div>\n<div class=\"line number3 index2 alt2\">3<\/div>\n<div class=\"line number4 index3 alt1\">4<\/div>\n<div class=\"line number5 index4 alt2\">5<\/div>\n<div class=\"line number6 index5 alt1\">6<\/div>\n<div class=\"line number7 index6 alt2\">7<\/div>\n<div class=\"line number8 index7 alt1\">8<\/div>\n<div class=\"line number9 index8 alt2\">9<\/div>\n<div class=\"line number10 index9 alt1\">10<\/div>\n<div class=\"line number11 index10 alt2\">11<\/div>\n<div class=\"line number12 index11 alt1\">12<\/div>\n<div class=\"line number13 index12 alt2\">13<\/div>\n<div class=\"line number14 index13 alt1\">14<\/div>\n<div class=\"line number15 index14 alt2\">15<\/div>\n<div class=\"line number16 index15 alt1\">16<\/div>\n<div class=\"line number17 index16 alt2\">17<\/div>\n<div class=\"line number18 index17 alt1\">18<\/div>\n<div class=\"line number19 index18 alt2\">19<\/div>\n<div class=\"line number20 index19 alt1\">20<\/div>\n<div class=\"line number21 index20 alt2\">21<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2 highlighted\"><code class=\"sql plain\">[oracle@oraadserver admin]$ sqlplus edge\/<\/code><code class=\"sql string\">\"Borftg8957##\"<\/code><code class=\"sql plain\">@pdb1<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"sql plain\">SQL*Plus: Release 21.0.0.0.0 - Production <\/code><code class=\"sql keyword\">on<\/code> <code class=\"sql plain\">Thu <\/code><code class=\"sql keyword\">Dec<\/code> <code class=\"sql plain\">10 11:21:02 2020<\/code><\/div>\n<div class=\"line number4 index3 alt1\"><code class=\"sql plain\">Version 21.1.0.0.0<\/code><\/div>\n<div class=\"line number5 index4 alt2\"><\/div>\n<div class=\"line number6 index5 alt1\"><code class=\"sql plain\">Copyright (c) 1982, 2020, Oracle.\u00a0 <\/code><code class=\"sql color1\">All<\/code> <code class=\"sql plain\">rights reserved.<\/code><\/div>\n<div class=\"line number7 index6 alt2\"><\/div>\n<div class=\"line number8 index7 alt1\"><code class=\"sql keyword\">Last<\/code> <code class=\"sql plain\">Successful login <\/code><code class=\"sql keyword\">time<\/code><code class=\"sql plain\">: Thu <\/code><code class=\"sql keyword\">Dec<\/code> <code class=\"sql plain\">10 2020 11:14:07 +01:00<\/code><\/div>\n<div class=\"line number9 index8 alt2\"><\/div>\n<div class=\"line number10 index9 alt1\"><code class=\"sql plain\">Connected <\/code><code class=\"sql keyword\">to<\/code><code class=\"sql plain\">:<\/code><\/div>\n<div class=\"line number11 index10 alt2\"><code class=\"sql plain\">Oracle <\/code><code class=\"sql keyword\">Database<\/code> <code class=\"sql plain\">21c Enterprise Edition Release 21.0.0.0.0 - Production<\/code><\/div>\n<div class=\"line number12 index11 alt1\"><code class=\"sql plain\">Version 21.1.0.0.0<\/code><\/div>\n<div class=\"line number13 index12 alt2\"><\/div>\n<div class=\"line number14 index13 alt1\"><code class=\"sql plain\">SQL&gt; show con_name;<\/code><\/div>\n<div class=\"line number15 index14 alt2\"><\/div>\n<div class=\"line number16 index15 alt1\"><code class=\"sql plain\">CON_NAME<\/code><\/div>\n<div class=\"line number17 index16 alt2\"><code class=\"sql comments\">------------------------------<\/code><\/div>\n<div class=\"line number18 index17 alt1\"><code class=\"sql plain\">PDB1<\/code><\/div>\n<div class=\"line number19 index18 alt2\"><code class=\"sql plain\">SQL&gt; show <\/code><code class=\"sql color2\">user<\/code><code class=\"sql plain\">;<\/code><\/div>\n<div class=\"line number20 index19 alt1\"><code class=\"sql color2\">USER<\/code> <code class=\"sql keyword\">is<\/code> <code class=\"sql string\">\"EDGE\"<\/code><\/div>\n<div class=\"line number21 index20 alt2\"><code class=\"sql plain\">SQL&gt;<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>Let\u2019s test with the new password<\/p>\n<div>\n<div id=\"highlighter_173340\" class=\"syntaxhighlighter  sql\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2 highlighted\">1<\/div>\n<div class=\"line number2 index1 alt1\">2<\/div>\n<div class=\"line number3 index2 alt2\">3<\/div>\n<div class=\"line number4 index3 alt1\">4<\/div>\n<div class=\"line number5 index4 alt2\">5<\/div>\n<div class=\"line number6 index5 alt1\">6<\/div>\n<div class=\"line number7 index6 alt2\">7<\/div>\n<div class=\"line number8 index7 alt1\">8<\/div>\n<div class=\"line number9 index8 alt2\">9<\/div>\n<div class=\"line number10 index9 alt1\">10<\/div>\n<div class=\"line number11 index10 alt2\">11<\/div>\n<div class=\"line number12 index11 alt1\">12<\/div>\n<div class=\"line number13 index12 alt2\">13<\/div>\n<div class=\"line number14 index13 alt1\">14<\/div>\n<div class=\"line number15 index14 alt2\">15<\/div>\n<div class=\"line number16 index15 alt1\">16<\/div>\n<div class=\"line number17 index16 alt2\">17<\/div>\n<div class=\"line number18 index17 alt1\">18<\/div>\n<div class=\"line number19 index18 alt2\">19<\/div>\n<div class=\"line number20 index19 alt1\">20<\/div>\n<div class=\"line number21 index20 alt2\">21<\/div>\n<div class=\"line number22 index21 alt1\">22<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2 highlighted\"><code class=\"sql plain\">[oracle@oraadserver ~]$ sqlplus edge\/<\/code><code class=\"sql string\">'Morfgt5879!!'<\/code><code class=\"sql plain\">@pdb1<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"sql plain\">SQL*Plus: Release 21.0.0.0.0 - Production <\/code><code class=\"sql keyword\">on<\/code> <code class=\"sql plain\">Thu <\/code><code class=\"sql keyword\">Dec<\/code> <code class=\"sql plain\">10 11:24:52 2020<\/code><\/div>\n<div class=\"line number4 index3 alt1\"><code class=\"sql plain\">Version 21.1.0.0.0<\/code><\/div>\n<div class=\"line number5 index4 alt2\"><\/div>\n<div class=\"line number6 index5 alt1\"><code class=\"sql plain\">Copyright (c) 1982, 2020, Oracle.\u00a0 <\/code><code class=\"sql color1\">All<\/code> <code class=\"sql plain\">rights reserved.<\/code><\/div>\n<div class=\"line number7 index6 alt2\"><\/div>\n<div class=\"line number8 index7 alt1\"><code class=\"sql keyword\">Last<\/code> <code class=\"sql plain\">Successful login <\/code><code class=\"sql keyword\">time<\/code><code class=\"sql plain\">: Thu <\/code><code class=\"sql keyword\">Dec<\/code> <code class=\"sql plain\">10 2020 11:21:02 +01:00<\/code><\/div>\n<div class=\"line number9 index8 alt2\"><\/div>\n<div class=\"line number10 index9 alt1\"><code class=\"sql plain\">Connected <\/code><code class=\"sql keyword\">to<\/code><code class=\"sql plain\">:<\/code><\/div>\n<div class=\"line number11 index10 alt2\"><code class=\"sql plain\">Oracle <\/code><code class=\"sql keyword\">Database<\/code> <code class=\"sql plain\">21c Enterprise Edition Release 21.0.0.0.0 - Production<\/code><\/div>\n<div class=\"line number12 index11 alt1\"><code class=\"sql plain\">Version 21.1.0.0.0<\/code><\/div>\n<div class=\"line number13 index12 alt2\"><\/div>\n<div class=\"line number14 index13 alt1\"><code class=\"sql plain\">SQL&gt; show <\/code><code class=\"sql color2\">user<\/code><code class=\"sql plain\">;<\/code><\/div>\n<div class=\"line number15 index14 alt2\"><code class=\"sql color2\">USER<\/code> <code class=\"sql keyword\">is<\/code> <code class=\"sql string\">\"EDGE\"<\/code><\/div>\n<div class=\"line number16 index15 alt1\"><\/div>\n<div class=\"line number17 index16 alt2\"><code class=\"sql plain\">SQL&gt; show con_name;<\/code><\/div>\n<div class=\"line number18 index17 alt1\"><\/div>\n<div class=\"line number19 index18 alt2\"><code class=\"sql plain\">CON_NAME<\/code><\/div>\n<div class=\"line number20 index19 alt1\"><code class=\"sql comments\">------------------------------<\/code><\/div>\n<div class=\"line number21 index20 alt2\"><code class=\"sql plain\">PDB1<\/code><\/div>\n<div class=\"line number22 index21 alt1\"><code class=\"sql plain\">SQL&gt;<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>We can see that the connection is successfully done with both cases. If we query the dba_users we can see the status of the rollover<\/p>\n<div>\n<div id=\"highlighter_394342\" class=\"syntaxhighlighter  sql\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<div class=\"line number2 index1 alt1\">2<\/div>\n<div class=\"line number3 index2 alt2\">3<\/div>\n<div class=\"line number4 index3 alt1\">4<\/div>\n<div class=\"line number5 index4 alt2 highlighted\">5<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"sql plain\">SQL&gt; <\/code><code class=\"sql keyword\">select<\/code> <code class=\"sql plain\">username,account_status <\/code><code class=\"sql keyword\">from<\/code> <code class=\"sql plain\">dba_users <\/code><code class=\"sql keyword\">where<\/code> <code class=\"sql plain\">username=<\/code><code class=\"sql string\">'EDGE'<\/code><code class=\"sql plain\">;<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"sql plain\">USERNAME\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ACCOUNT_STATUS<\/code><\/div>\n<div class=\"line number4 index3 alt1\"><code class=\"sql comments\">-------------------- --------------------<\/code><\/div>\n<div class=\"line number5 index4 alt2 highlighted\"><code class=\"sql plain\">EDGE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/code><code class=\"sql keyword\">OPEN<\/code> <code class=\"sql plain\">&amp; <\/code><code class=\"sql color1\">IN<\/code> <code class=\"sql plain\">ROLLOVER<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>To end the password rollover period<br \/>\n-Let the password rollover expire on its own<br \/>\n-As either the user or an administrator run the command<\/p>\n<div>\n<div id=\"highlighter_919067\" class=\"syntaxhighlighter  sql\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"sql keyword\">Alter<\/code> <code class=\"sql color2\">user<\/code> <code class=\"sql plain\">edge expire <\/code><code class=\"sql keyword\">password<\/code> <code class=\"sql plain\">rollover period;<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>-As an administrator, expire the user password<\/p>\n<div>\n<div id=\"highlighter_632282\" class=\"syntaxhighlighter  sql\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"sql keyword\">Alter<\/code> <code class=\"sql color2\">user<\/code> <code class=\"sql plain\">edge <\/code><code class=\"sql keyword\">password<\/code> <code class=\"sql plain\">expire;<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>Database behavior during the gradual password rollover period can be found <a href=\"https:\/\/docs.oracle.com\/en\/database\/oracle\/oracle-database\/21\/dbseg\/configuring-authentication.html#GUID-0A8AC37D-F89C-4EB8-857A-C9C14898AED5\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a> in the documentation<\/p>\n","protected":false},"excerpt":{"rendered":"<p>By Mouhamadou Diaw Starting with Oracle 21c, a password of an application can be changed without having to schedule a downtime. This can be done by using the new profile parameter PASSWORD_ROLLOVER_TIME This will set a rollover period of time where the application can log in using either the old password or the new password. [&hellip;]<\/p>\n","protected":false},"author":27,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[229,198,59,149],"tags":[2208,137,2209,2210,25],"type_dbi":[],"class_list":["post-15388","post","type-post","status-publish","format-standard","hentry","category-database-administration-monitoring","category-database-management","category-oracle","category-security","tag-gradual-password-rollover","tag-oracle-21c","tag-oracle-profile","tag-password-lifetime","tag-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Oracle 21c Security : Gradual Database Password Rollover - dbi Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dbi-services.com\/blog\/oracle-21c-security-gradual-database-password-rollover\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Oracle 21c Security : Gradual Database Password Rollover\" \/>\n<meta property=\"og:description\" content=\"By Mouhamadou Diaw Starting with Oracle 21c, a password of an application can be changed without having to schedule a downtime. This can be done by using the new profile parameter PASSWORD_ROLLOVER_TIME This will set a rollover period of time where the application can log in using either the old password or the new password. [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dbi-services.com\/blog\/oracle-21c-security-gradual-database-password-rollover\/\" \/>\n<meta property=\"og:site_name\" content=\"dbi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2020-12-10T11:14:39+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-06-20T08:11:08+00:00\" \/>\n<meta name=\"author\" content=\"Oracle Team\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Oracle Team\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/oracle-21c-security-gradual-database-password-rollover\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/oracle-21c-security-gradual-database-password-rollover\/\"},\"author\":{\"name\":\"Oracle Team\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee\"},\"headline\":\"Oracle 21c Security : Gradual Database Password Rollover\",\"datePublished\":\"2020-12-10T11:14:39+00:00\",\"dateModified\":\"2023-06-20T08:11:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/oracle-21c-security-gradual-database-password-rollover\/\"},\"wordCount\":309,\"commentCount\":0,\"keywords\":[\"gradual password rollover\",\"Oracle 21C\",\"oracle profile\",\"password lifetime\",\"Security\"],\"articleSection\":[\"Database Administration &amp; Monitoring\",\"Database management\",\"Oracle\",\"Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/oracle-21c-security-gradual-database-password-rollover\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/oracle-21c-security-gradual-database-password-rollover\/\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/oracle-21c-security-gradual-database-password-rollover\/\",\"name\":\"Oracle 21c Security : Gradual Database Password Rollover - dbi Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\"},\"datePublished\":\"2020-12-10T11:14:39+00:00\",\"dateModified\":\"2023-06-20T08:11:08+00:00\",\"author\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/oracle-21c-security-gradual-database-password-rollover\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/oracle-21c-security-gradual-database-password-rollover\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/oracle-21c-security-gradual-database-password-rollover\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.dbi-services.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Oracle 21c Security : Gradual Database Password Rollover\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/\",\"name\":\"dbi Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee\",\"name\":\"Oracle Team\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g\",\"caption\":\"Oracle Team\"},\"url\":\"https:\/\/www.dbi-services.com\/blog\/author\/oracle-team\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Oracle 21c Security : Gradual Database Password Rollover - dbi Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dbi-services.com\/blog\/oracle-21c-security-gradual-database-password-rollover\/","og_locale":"en_US","og_type":"article","og_title":"Oracle 21c Security : Gradual Database Password Rollover","og_description":"By Mouhamadou Diaw Starting with Oracle 21c, a password of an application can be changed without having to schedule a downtime. This can be done by using the new profile parameter PASSWORD_ROLLOVER_TIME This will set a rollover period of time where the application can log in using either the old password or the new password. [&hellip;]","og_url":"https:\/\/www.dbi-services.com\/blog\/oracle-21c-security-gradual-database-password-rollover\/","og_site_name":"dbi Blog","article_published_time":"2020-12-10T11:14:39+00:00","article_modified_time":"2023-06-20T08:11:08+00:00","author":"Oracle Team","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Oracle Team","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dbi-services.com\/blog\/oracle-21c-security-gradual-database-password-rollover\/#article","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/oracle-21c-security-gradual-database-password-rollover\/"},"author":{"name":"Oracle Team","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee"},"headline":"Oracle 21c Security : Gradual Database Password Rollover","datePublished":"2020-12-10T11:14:39+00:00","dateModified":"2023-06-20T08:11:08+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/oracle-21c-security-gradual-database-password-rollover\/"},"wordCount":309,"commentCount":0,"keywords":["gradual password rollover","Oracle 21C","oracle profile","password lifetime","Security"],"articleSection":["Database Administration &amp; Monitoring","Database management","Oracle","Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dbi-services.com\/blog\/oracle-21c-security-gradual-database-password-rollover\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dbi-services.com\/blog\/oracle-21c-security-gradual-database-password-rollover\/","url":"https:\/\/www.dbi-services.com\/blog\/oracle-21c-security-gradual-database-password-rollover\/","name":"Oracle 21c Security : Gradual Database Password Rollover - dbi Blog","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/#website"},"datePublished":"2020-12-10T11:14:39+00:00","dateModified":"2023-06-20T08:11:08+00:00","author":{"@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee"},"breadcrumb":{"@id":"https:\/\/www.dbi-services.com\/blog\/oracle-21c-security-gradual-database-password-rollover\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dbi-services.com\/blog\/oracle-21c-security-gradual-database-password-rollover\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.dbi-services.com\/blog\/oracle-21c-security-gradual-database-password-rollover\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.dbi-services.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Oracle 21c Security : Gradual Database Password Rollover"}]},{"@type":"WebSite","@id":"https:\/\/www.dbi-services.com\/blog\/#website","url":"https:\/\/www.dbi-services.com\/blog\/","name":"dbi Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee","name":"Oracle Team","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g","caption":"Oracle Team"},"url":"https:\/\/www.dbi-services.com\/blog\/author\/oracle-team\/"}]}},"_links":{"self":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/15388","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/users\/27"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/comments?post=15388"}],"version-history":[{"count":1,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/15388\/revisions"}],"predecessor-version":[{"id":26132,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/15388\/revisions\/26132"}],"wp:attachment":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media?parent=15388"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/categories?post=15388"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/tags?post=15388"},{"taxonomy":"type","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/type_dbi?post=15388"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}