Password controls only affect users authenticated by the database. Externally authenticated users are unaffected.
Some password control attribute values are not applicable to profile members, but only to children of profile members. See Effects of Profile-Based Password Controls.
For a detailed description of password control methods, options, and strategies, see “Working with Password Controls” in
Teradata Vantage™ - Advanced SQL Engine Security Administration, B035-1100.
Character-related password format controls do not apply to multibyte client character sets on systems enabled with Japanese language support.
- ATTRIBUTES
- Keywords that introduces a set of password control attributes.
- If you specify the PASSWORD or PASSWORD ATTRIBUTES phrase, you must list all 9 of the password control options and specify either a value or NULL (the default) for each. Password security attributes defined in a profile take effect the next time a profile member user logs on.
- NULL
- If the value for an attribute is NULL or if you do not specify the PASSWORD or PASSWORD ATTRIBUTES phrase, the profile defaults to the global password control settings in DBC.SysSecDefaults. If you specify a value in a profile for a password control, the value supersedes the global value for profile members.
-
attribute_name = value
- Following are brief descriptions of the password controls.
- EXPIRE=n
- Number of days to elapse before the password expires.
- A value of 0 for n indicates the password never expires.
- NULL indicates that the EXPIRE option is not set for the profile.
- You can specify any non-zero value to cause new users who are profile members to replace the temporary password specified in their user definitions with a permanent private password at first log on. Users must use the MODIFY USER statement to change their password.
- MINCHAR=n
- Minimum number of characters in a password string.
- The valid range for n is 1-127 UNICODE characters.
- NULL indicates that the MINCHAR option is not set for the profile.
- MAXCHAR=n
- Maximum number of characters in a password string.
- The valid range for n is 1-127 UNICODE characters.
- NULL indicates that the MAXCHAR option is not set for the profile.
- DIGITS=c
- Specifies whether at least one digit must appear in a password string. The table below lists the values you can specify for c.
-
c
|
Description |
N or n |
Digits are not permitted in a password string. |
R or r |
At least one digit is required in a password string. |
Y or y |
Digits are permitted in a password string, but not required. |
NULL |
Indicates that the DIGITS option is not set for the profile. |
- SPECCHAR=c
- Specifies whether various characters or the user name are allowed, not allowed, or required in a user password string.
- The value for SPECCHAR must be one of the single letter option codes shown in Working with the SPECCHAR Password Control, where the letter code you specify for the SPECCHAR option represents a unique set of possible SPECCHAR rules.
- MAXLOGONATTEMPTS=n
- Number of incorrect logon attempts allowed before locking the user from further attempts, where n is a value from 0 to 127.
- A value of 0 for n indicates never to lock the user.
- NULL indicates that the MAXLOGONATTEMPTS option is not set for the profile.
- LOCKEDUSEREXPIRE=n
- Number of minutes to elapse before unlocking a locked user.
-
- If n is 0, Vantage unlocks the user immediately.
- If n is -1, Vantage locks the user indefinitely.
- NULL indicates that the LOCKEDUSEREXPIRE option is not set for the profile.
- REUSE=n
- Number of days to elapse before a password can be reused.
- A value of 0 for n allows the password to be reused immediately.
- NULL indicates that the REUSE option is not set for the profile.
- RESTRICTWORDS=c
- Specifies whether certain words are restricted from use within a password string.
- The valid values for c are listed below.
-
- If c is Y or y, any words listed in DBC.PasswordRestrictions cannot be used in password strings.
- If c is N or n, use of words listed in DBC.PasswordRestrictions in password strings is allowed.
- NULL indicates that the RESTRICTWORDS option is not set for the profile.
- For details, see
Teradata Vantage™ - Advanced SQL Engine Security Administration, B035-1100 and
Teradata Vantage™ - Database Administration, B035-1093.