The max_failed_login_attempts policy option restricts the number of failed login attempts for database users. To ensure that a DBA user is not locked out of the database indefinitely, the account is locked for one minute once the user exceeds the specified number of failed connection attempts defined in their login policy.
To work around the one minute lockout, you can restart the database. After restarting the database, a user with DBA authority is allowed one login attempt, even if the number of failed login attempts for the user is more than maximum allowed by the login policy. If this login attempt fails, the user must wait one minute before attempting to connect to the database. Another user with DBA authority can unlock the account manually by using the ALTER USER...RESET LOGIN POLICY statement.
As a best practice, and to avoid a situation where the active DBA password is compromised, lost, or forgotten, you can create additional DBA users and place the passwords for those users in a secure location. If the active DBA account is compromised, you can log in as one of the extra DBA users and delete the compromised DBA user account.
Discuss this page in DocCommentXchange.
|Copyright © 2012, iAnywhere Solutions, Inc. - SQL Anywhere 12.0.1|