16.10 - About Password Controls - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K

Teradata recommends that all sites enforce strong password controls. Teradata Database offers several options for controlling password format and usage.

The DBC.SysSecDefaults table contains a set of global controls that restrict the usage and content of passwords for all users, as shown in the following table:

Field Name Description
Usage Controls
ExpirePassword The number of days that must elapse before a password expires.
MaxLogonAttempts The number of erroneous logons the system allows before it locks the user out of the database.
LockedUserExpire (Password Lockout Time) The number of minutes elapsed before the system unlocks a locked user.
PasswordReuse The number of days that must elapse before a user can reuse an expired password.
Format Controls
PasswordMinChar Sets the minimum number of characters required in a password.
PasswordMaxChar Sets the maximum number of characters allowed in a password.
PasswordDigits Determines whether ASCII digits are:
  • Allowed in a password
  • Not allowed in a password
  • Required in a password
PasswordSpecChar Indicates whether ASCII special characters are:
  • Allowed in a password
  • Not allowed in a password
  • Required in a password

You can place tight restrictions on passwords to require that:

  • Passwords must contain at least one ASCII alpha character
  • Passwords must contain a mixture of ASCII upper/lower case letters
  • No password can contain a database username
PasswordRestrictWords Determines whether passwords are rejected if they contain words in the Restricted Words list.
The system creates the DBC.SysSecDefaults table, and provides default values for the password control parameters, during system initialization.