If you specify the PASSWORD or PASSWORD ATTRIBUTES phrase, you must list one or more password control option and specify either a value or NULL (the default) for each.
Password security attributes in a modified profile take effect the next time a profile member user logs on after the modification.
Password controls only affect users authenticated by the database. Externally authenticated users are unaffected.
For detailed description of password control methods, options, and strategies, see “Working with Password Controls” in Teradata Vantage™ - Advanced SQL Engine Security Administration, B035-1100.
Character-related password format controls do not apply to multibyte client character sets on systems enabled with Japanese language support.
Some password control attribute values are not applicable to first-level profile members, but only to children of profile member users. See Effects of Profile-Based Password Controls.
- ATTRIBUTES
- Keywords that introduces a set of password control attributes. Following are brief descriptions of the password controls.
- attribute_name = value
- If you specify a value in a profile for a password control, the value supersedes the global value for profile members.
- attribute_name = NULL
- If the value for an attribute is NULL or if you do not specify the PASSWORD or PASSWORD ATTRIBUTES phrase, the profile defaults to the global password control settings in DBC.SysSecDefaults.
- EXPIRE=n
- The number of days to elapse before the password expires.
- MINCHAR=n
- The minimum number of characters in a password string.
- MAXCHAR=n
- The maximum number of characters in a password string.
- DIGITS=c
- Specifies whether at least one digit must appear in a password string.
- SPECCHAR=c
- Specifies whether various characters or the user name are allowed, not allowed, or required in a user password string.
- MAXLOGONATTEMPTS=n
- Number of incorrect logon attempts allowed before locking the user from further attempts, where n is a value from 0 to 127.
- LOCKEDUSEREXPIRE=n
- Number of minutes to elapse before unlocking a locked user.
- REUSE=n
- Number of days to elapse before a password can be reused.
- RESTRICTWORDS=c
- Specifies whether certain words are restricted from use within a password string.