Due to the bug 28538439 the sys user password expiry date does not get updated on the dba_users view after a password change. This could be reproduced as shown below (DB version 19.13).
After the parameter is set to true restart the database
It seems that value on expiry date column has no influence on the usage if password is set before its life time ends (this was later confirmed by MOS). Below is an output from a DBCM VM DB created with LVM as the storage option.
After Changing SYS Password, DBA_USERS.EXPIRY_DATE Not Updated For SYS User [ID 2518310.1]
Sys Password Reset Is Not Reflecting In Sys.user$ PASSWORD_CHANGE_DATE [ID 2482400.1]
SQL> select USERNAME,ACCOUNT_STATUS,LOCK_DATE,EXPIRY_DATE,CREATED,PROFILE from dba_users where username = 'SYS';Change the sys user password
USERNAME ACCOUNT_ST LOCK_DATE EXPIRY_DA CREATED PROFILE
---------- ---------- --------- --------- --------- ----------
SYS OPEN 07-NOV-21 11-MAY-21 DEFAULT
alter user sys identified by hello_1234;The expiry date for sys user is not updated.
User altered.
USERNAME ACCOUNT_ST LOCK_DATE EXPIRY_DA CREATED PROFILEThe bug first started on 12.2 (refere 2518310.1 and 2482400.1) and patch for bug 28538439 does exists. For 19c this is already included in DBRU (checked on 19.10, 19.12 and 19.13)
---------- ---------- --------- --------- --------- ----------
SYS OPEN 07-NOV-21 11-MAY-21 DEFAULT
$ORACLE_HOME/OPatch/opatch lsinv | grep 28538439Even with the patch inplace the hidden parameter "_enable_ptime_update_for_sys" must be set to true. By default this parameter has the value false. Use query here to check hidden parameter values.
28534475, 28534493, 28535127, 28537481, 28538439, 28541606, 28542455
After the parameter is set to true restart the database
alter system set "_enable_ptime_update_for_sys"=true scope=spfile;After the restart the expiry column would still show the old expiry date even though password was reset.
USERNAME ACCOUNT_ST LOCK_DATE EXPIRY_DA CREATED PROFILEResetting the password again will show the updated value.
---------- ---------- --------- --------- --------- ----------
SYS OPEN 07-NOV-21 11-MAY-21 DEFAULT
alter user sys identified by hello_1234
USERNAME ACCOUNT_ST LOCK_DATE EXPIRY_DA CREATED PROFILE
---------- ---------- --------- --------- --------- ----------
SYS OPEN 01-MAY-22 11-MAY-21 DEFAULT
It seems that value on expiry date column has no influence on the usage if password is set before its life time ends (this was later confirmed by MOS). Below is an output from a DBCM VM DB created with LVM as the storage option.
select USERNAME,ACCOUNT_STATUS,LOCK_DATE,EXPIRY_DATE,CREATED,PROFILE from dba_users where username='SYS';Hidden parameter is not set and sys password is already expired. Even though database was created recently.
NAME VALUE DEFLT TYPE DESCRIPTION
------------------------------ ---------- --------- -------------------- --------------------------------------------------
_enable_ptime_update_for_sys FALSE TRUE boolean Enable/Disable update of user$ for sys
USERNAME ACCOUNT_ST LOCK_DATE EXPIRY_DA CREATED PROFILE
---------- ---------- --------- --------- --------- ----------
SYS OPEN 16-JUN-19 17-APR-19 DEFAULT
SQL> select created from v$database;There's no issue in connecting to the DB as sys.
CREATED
---------
02-NOV-21
sqlplus sys@TESTPW_LHR19D as sysdbaExpiring the password manually seem to update the expiry date value.
SQL*Plus: Release 19.0.0.0.0 - Production on Tue Nov 2 13:07:45 2021
Version 19.12.0.0.0
Copyright (c) 1982, 2021, Oracle. All rights reserved.
Enter password:
Connected to:
Oracle Database 19c EE High Perf Release 19.0.0.0.0 - Production
Version 19.12.0.0.0
SQL>
SQL> alter user sys password expire;But setting the password again seem to set the expiry date to (created date + PASSWORD_LIFE_TIME) which could be again in the past depending on the created date.
User altered.
SQL> select USERNAME,ACCOUNT_STATUS,LOCK_DATE,EXPIRY_DATE,CREATED,PROFILE from dba_users where username='SYS';
USERNAME ACCOUNT_ST LOCK_DATE EXPIRY_DA CREATED PROFILE
---------- ---------- --------- --------- --------- ----------
SYS EXPIRED 02-NOV-21 17-APR-19 DEFAULT
SQL> SELECT RESOURCE_NAME,LIMIT from dba_profiles where profile='DEFAULT' and RESOURCE_NAME='PASSWORD_LIFE_TIME';Useful MOS Docs
RESOURCE_NAME LIMIT
-------------------------------- ------------------------------
PASSWORD_LIFE_TIME 60
SQL> alter user sys identified by hello_1234;
User altered.
SQL> select USERNAME,ACCOUNT_STATUS,LOCK_DATE,EXPIRY_DATE,CREATED,PROFILE from dba_users where username='SYS';
USERNAME ACCOUNT_ST LOCK_DATE EXPIRY_DA CREATED PROFILE
---------- ---------- --------- --------- --------- ----------
SYS OPEN 16-JUN-19 17-APR-19 DEFAULT
SQL> select EXPIRY_DATE-CREATED from dba_users where username='SYS';
EXPIRY_DATE-CREATED
-------------------
60
After Changing SYS Password, DBA_USERS.EXPIRY_DATE Not Updated For SYS User [ID 2518310.1]
Sys Password Reset Is Not Reflecting In Sys.user$ PASSWORD_CHANGE_DATE [ID 2482400.1]