'Logging' Logon failures
Sure there's an easy way to do this. My minds gone blank.
Want to allow users 3 attempts to access the database then audit the failure and lock their account.
I was going to use a password profile for the 3 attempts and lock part but how to log it? Will a failed log in be written to SYS.AUD$
Hang on answering my own question here...USER_AUDIT_SESSION?
Anyone implemented this?
The first time somebody gets locked out, the're going to tell you they only failed to login twice.
I'd approach this as two problems. The first problem is auditing failures. I would audit every failure using Oracle built in auditing features. A record will get thrown to sys.aud$ when a failure occurs.
Second, I would lock their account after the third failed attempt.