Re: account locking up
Date: Thu, 11 Apr 2013 18:13:08 -0500
Message-ID: <CAPTPB10B12DSCUUfu5ouRvAKOp_45xirSXt358ZZ31tRpbpjuA_at_mail.gmail.com>
Thanks to everyone who responded.
For now, we have set the failed login attempts to unlimited. Looks like we need to turn on auditing to figure out more information about the connection information. Looking at the listener log, the connect requests are coming only from the app server, esp the one right before the account lock time. Maybe auditing will shed some help as to the sql(?) coming from there.
On Thu, Apr 11, 2013 at 11:03 AM, MacGregor, Ian A. <ian_at_slac.stanford.edu>wrote:
> Be careful here. There is a new feature in Oracle 11 concerning failed
> logins. MOS is not responding right now but
>
>
> http://askdba.org/weblog/2012/01/11g-multiple-failed-login-attempt-can-block-new-application-connections/
>
> explains it adequately. It can be a real pain. There is a patch to
> turn off the behavior.
>
> I think the number is 13696216, but I cannot verify that now.
>
>
> Ian A. MacGregor
> SLAC National Accelerator Laboratory
> ________________________________________
> From: oracle-l-bounce_at_freelists.org [oracle-l-bounce_at_freelists.org] On
> Behalf Of Peter Hitchman [pjhoraclel_at_gmail.com]
> Sent: Thursday, April 11, 2013 3:04 AM
> To: oracle-l
> Subject: Re: account locking up
>
> Hi
> You could also change the profile being used to allow unlimited
> failed_login_attempts, to stop what is in effect a denial of service
> situation.
> Regards
> Pete
>
>
> į\--
> http://www.freelists.org/webpage/oracle-l
>
>
>
-- http://www.freelists.org/webpage/oracle-lReceived on Fri Apr 12 2013 - 01:13:08 CEST