Password life time   Specifies the maximum number of days before the user's password must be changed. The default is Unlimited.

Password grace time   Specifies when to display a warning to a user that their password is about to expire. The value is the number of days before expiry that the warning should be displayed. The default is 0.

Password expiry on next login   Specifies whether the user's password expires after the next login. If the value for this option is On, the user's password expires after the next login. The default is Off.

Locked   Specifies whether the user is locked out (unable to connect to the database). A user can be locked out because they exceeded the Maximum Failed Login Attempts setting attempting to log in. The default is Off.

Maximum connections   Specifies the maximum number of concurrent connections allowed for the user. The default is Unlimited.

Maximum failed login attempts   Specifies the maximum number of failed attempts allowed (since the last successful login) before the login account is locked. The default is Unlimited.

Maximum days since login   Specifies the maximum number of days that can elapse between two successive logins by the user. If the number of days exceeds this setting, the user is locked out. The default is Unlimited.

Maximum non-DBA connections   Specifies the maximum number of concurrent connections that a user without the SYS_AUTH_DBA_ROLE system role can make. This option is only supported for the root login policy. The default is Unlimited.

Auto unlock time   Specifies the time period, in minutes, after which locked accounts are automatically unlocked. The default is Unlimited.

Root auto unlock time   Specifies the time period, in minutes, after which locked accounts are automatically unlocked. This option is only supported for the root login policy. The default is 1.

LDAP primary server   Specifies the name of the primary LDAP server.

LDAP secondary server   Specifies the name of the secondary LDAP server.

LDAP auto failback period   Specifies the time period in minutes after which automatic fallback to primary server is attempted. The default is 15.

LDAP failover to standard authentication   Specifies whether to permit standard authentication when authentication with the LDAP server fails due to failure to locate the Distinguished Name for a user, a lack of system resources,a network outage, connection timeouts, or similar system failures. This setting does not permit an actual authentication failure returned from an LDAP server to failover to standard authentication (as is the case when the user is located but the supplied password does not match). The default is On.

Change password dual control   Specifies if dual control password changing is enabled. If this option is set to On, the user requires two administrators to set a password. The first administrator specifies the first part of the password and the second administrator specifies the second part of the password. Dual control password changing prevents a password administrator from knowing the complete password of another user. The default is Off.