16.10 - Password History - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K

To aid in researching password reuse status, Teradata Database saves all previously used passwords in the DBC.OldPasswords table. When users successfully change their password, the system:

  • Writes a row containing the current password to DBC.OldPasswords.
  • Deletes old password rows for the user with a date earlier than the current date minus the PasswordReuse time span from DBC.OldPassword.
    If you reset a user password, the system does not enforce any PasswordReuse restriction that would normally apply to that password. PasswordReuse restrictions only apply when users reset their own passwords.

The DBC.OldPassword table contains the following information.

Column Description
UserName Identity of the user to which the password was assigned.
PasswordDate Date the password was changed for the user.
EncryptionFlag Identifies whether the password is encrypted by DES or SHA-256.
PasswordSalt SHA Standard seed needed to encrypt the password.
EncryptedPassword Encrypted password string.
EncryptedPasswordLength
  • DES encrypted passwords = 8 bytes
  • SHA-256 passwords created in V2R6.2 = 27 bytes
  • SHA-256 passwords created in Teradata Database 12.0 and up = 32 bytes