Archives of the TeradataForum
Message Posted: Wed, 16 Apr 2008 @ 16:16:42 GMT
| Subj: | | Re: Extra security elements |
| |
| From: | | Anomy Anom |
<-- Anonymously Posted: Wed, 16 Apr 2008 10:11 -->
If you set ExpirePassword to a nonzero value, the password supplied via CREATE USER is considered "expired" and the user is required to change
it. Or when ExpirePassword is nonzero you can also explicitly MODIFY USER x AS PASSWORD=OneTimeOnly FOR USER;
What exactly do you mean by "locked"? Would (for example) changing the password to some random sequence of characters be sufficient? You can
use MODIFY USER to RELEASE PASSWORD LOCK but not to set it. For that you may have to use some workaround like a client application that issues
repeated logon attempts that intentionally supply the wrong password. (Don't forget to set LockedUserExpire to -1 if you need the ID to remain
locked until manually released.)
You can also REVOKE LOGON, but that creates a specific LogonRule (which can be specifically reversed by a GRANT LOGON but can't be reverted to
system default).
| 
