The following table explains the restrictions that can be set for passwords.

Table 25-2 Restrictions that can be set for passwords

Item	Explanation
Specifiable minimum in bytes	You can specify a minimum number of bytes that must be used for a password.
Prohibition on use of the authorization identifier	You can prohibit use of a person's authorization identifier in his or her password character string.
Prohibition on use of only one type of characters#	You can prohibit the use of only one type of characters in a password, such as only upper-case letters or only lower-case letters.

#: The characters that can be specified for passwords can be classified into the following three types:

• Uppercase letters (A to Z, #, @, \)
• Lowercase letters (a to z)
• Numbers (0 to 9)
  

  Hint

  You cannot specify separate password character string restrictions for different users. The specified password character string restrictions will apply uniformly to all HiRDB users (including users with the DBA privilege and the auditor). Password character string restrictions do not apply to simple authenticated users.

  Reference note

  Whether this facility is used, the following specification rule applies to passwords:

  • A password can consist of alphanumeric characters, but must begin with an alphabetic character.

When password character string restrictions are first established, any user whose existing password does not conform to the restrictions is placed in what is called password-invalid account lock state. A user placed in this status can no longer connect to HiRDB.

To release a user from password-invalid account lock state, the user's password must be changed. For details about changing a password, see 25.4.1 Releasing individual users from password-invalid account lock state.

Before establishing password character string restrictions, you can determine how many users will be placed in password-invalid account lock state because of the restrictions. For details about determining the number of such users, see 25.5 Checking for users who will be placed in password-invalid account lock state.

GRANT DBA, GRANT AUDIT, or GRANT CONNECT is used to set a password for a new user. If that password violates a restriction, execution of the GRANT statement will not be successful.

You use CREATE CONNECTION SECURITY to set password character string restrictions. For details about the setting procedure, see 25.2 Setting password character string restrictions.

For details about password character string restrictions, see sections 25.2 through 25.8 and 25.12.