Home Page for the TeradataForum
 

Archives of the TeradataForum

Message Posted: Tue, 06 Jun 2000 @ 21:56:29 GMT


     
  <Prev Next>   <<First <Prev Next> Last>>  


Subj:   Re: User/password questions
 
From:   John Street

This is an extract from the security admin guide, as you can see there are many ways of adjusting the logon security.

Password Control

Introduction

Several password control features enhance Teradata security as follows:

Feature Description

Password Expiration Allows the security administrator to define a time span during which a password is valid. After the time elapses, the user must change the password. Password Reuse This feature, which complements the password expiration feature, allows the security administrator to define the time span that must elapse before a previously used password can be reassigned to a user. Maximum Logon Attempt Defines the number of erroneous sequential logon attempts a user is allowed before the user is locked to further logon attempts. Password Lockout Time Sets the user lock time duration after the user has exceeded the maximum number of logon attempts. Miscellaneous Password Features Allow the security administrator to restrict the number of characters in the password, and to control the use of digits and special characters.

SysSecDefaults Table

The security administrator sets up the password features for a Teradata RDBMS by updating columns of a single row in user DBC table DBC.SysSecDefaults. The single row in the table is read by the Teradata RDBMS at system startup. The software uses the values in the columns to determine whether the option has been selected.

Note: The system must be restarted to read the DBC.SysSecDefaults table and to make changed values operational.

The rules selected apply to all users attempting to log on to the Teradata RDBMS, regardless of the logical client system from which the logon is received. The only override to the rules is the null password option, which allows a user to log on without a password and bypass all rules pertaining to user authentication.

A Teradata SQL description of the DBC.SysSecDefaults table is as follows:

CREATE TABLE DBC.SysSecDefaults, FALLBACK
( PrimeIndex BYTEINT BETWEEN 1 AND 1 NOT NULL,
ExpirePassword SMALLINT NOT NULL,
PasswordMinChar BYTEINT BETWEEN 1 AND 30 NOT NULL,
PasswordMaxChar BYTEINT BETWEEN 1 AND 30 NOT NULL,
PasswordDigits CHAR(1) UPPERCASE NOT NULL,
PasswordSpecChar CHAR(1) UPPERCASE NOT NULL,
MaxLogonAttempts BYTEINT NOT NULL,
LockedUserExpire SMALLINT NOT NULL,
PasswordReUse SMALLINT NOT NULL )
UNIQUE PRIMARY INDEX( PrimeIndex );

User DBC has update and select access rights on the table. The default values in the row (which are initialized by the dictionary initialization and conversion utilities) are as follows:

INSERT INTO DBC.SysSecDefaults
(1, /* Primary Index for single row */
0, /* Do not expire passwords */
1, /* Minimum characters in password */
30, /* Maximum characters in password */
'Y', /* Allow digits in password */
'Y', /* Allow special characters in password */
0, /* Allow unlimited logon attempts */
0, /* Do not lock user on erroneous password */
0 /* Allow immediate password reuse */
);

User DBC can use a simple update statement to change a default value. The option then becomes effective after the system is restarted. The following example shows the UPDATE statement to set the minimum number of password characters to eight:

UPDATE DBC.SysSecDefaults SET PasswordMinChar = 8 ;



     
  <Prev Next>   <<First <Prev Next> Last>>  
 
 
 
 
 
 
 
 
  
  Top Home Privacy Feedback  
 
 
Copyright for the TeradataForum (TDATA-L), Manta BlueSky    
Copyright 2016 - All Rights Reserved    
Last Modified: 15 Jun 2023