Password Controls | Teradata Vantage - Password Controls - Advanced SQL Engine - Teradata Database

Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Published
July 2021
Language
English (United States)
Last Update
2022-02-15
dita:mapPath
ppz1593203596223.ditamap
dita:ditavalPath
wrg1590696035526.ditaval
dita:id
B035-1100
lifecycle
previous
Product Category
Teradata Vantageā„¢

Teradata recommends that all sites enforce strong password controls. Teradata Vantage offers several options for controlling password format and usage.

The DBC.SysSecDefaults table contains a set of global controls that restrict the usage and content of passwords for all users, as shown in the following table.

Field Name Description
Usage Controls
ExpirePassword The number of days that must elapse before a password expires.
MaxLogonAttempts The number of erroneous logons the system allows before it locks the user out of the database.
LockedUserExpire (Password Lockout Time) The number of minutes elapsed before the system unlocks a locked user.
PasswordReuse The number of days that must elapse before a user can reuse an expired password.
Format Controls
PasswordMinChar Sets the minimum number of characters required in a password.
PasswordMaxChar Sets the maximum number of characters allowed in a password.
PasswordDigits Determines whether ASCII digits are:
  • Allowed in a password
  • Not allowed in a password
  • Required in a password
PasswordSpecChar Indicates whether ASCII special characters are:
  • Allowed in a password
  • Not allowed in a password
  • Required in a password
You can place tight restrictions on passwords to require that:
  • Passwords must contain at least one ASCII alpha character
  • Passwords must contain a mixture of ASCII upper/lower case letters
  • No password can contain a database username
PasswordRestrictWords Determines whether passwords are rejected if they contain words in the Restricted Words list.
The system creates the DBC.SysSecDefaults table, and provides default values for the password control parameters, during system initialization.