Nonstop Database, HiRDB Version 9 System Operation Guide
Executor: DBA privilege holder
This section explains the procedure for initial set-up of password character string restrictions. You must perform the steps in the order they are shown below, beginning with step (1).
You should evaluate the restrictions that can be set for passwords. The restrictions you should consider are shown in the following table.
Table 25-3 Restrictions that can be set for passwords
Restriction | Explanation |
---|---|
Specifiable minimum in bytes | Specify in bytes the minimum number of characters that can be used for a password. The specifiable range of the minimum number of characters for a password is between 6 and 15. |
Prohibition on use of the authorization identifier | Specify whether inclusion of the person's authorization identifier in the password character string is to be prohibited. If prohibition is specified, the following passwords would be prohibited.
|
Prohibition on use of only one type of characters | Specify whether use of only one type of characters for a password is to be prohibited. If prohibition is specified, the following passwords would be prohibited.
|
You should check in advance for existing users whose existing password will not conform to the proposed restrictions. Because the nonconforming users will be placed in password-invalid account lock state, they will no longer be permitted to connect to HiRDB. Before establishing restrictions, you should identify the users whose existing password will be in violation of the restrictions. For details about the identification procedure, see 25.5 Checking for users who will be placed in password-invalid account lock state.
Use a GRANT statement to change the password of a user whose existing password does not conform to the password restrictions. Examples follow.
GRANT CONNECT TO USER01 IDENTIFIED BY "f51HD7tc"
GRANT DBA TO ADMIN01 IDENTIFIED BY "gd4A@sPL"
GRANT AUDIT IDENTIFIED BY "a0h7Fc3K"
Use CREATE CONNECTION SECURITY to set the desired password character string restrictions.
An example of specifying CREATE CONNECTION SECURITY follows.
CREATE CONNECTION SECURITY FOR PASSWORD MIN LENGTH 8 ...1 USER IDENTIFIER RESTRICT ...2 SIMILAR RESTRICT ...3
Check for users in password-invalid account lock state. For details about how to perform this check, see 25.4.1(1) Check for users in password-invalid account lock state.
All Rights Reserved. Copyright (C) 2011, 2015, Hitachi, Ltd.