There are several configure replication server options you can use to implement and administer Replication Server password security for all users. Replication Server uses password encryption instead of clear text when storing all passwords for new Replication Server installations.
configure replication server set password_param to 'parameter_value'
password_parameter | Description |
---|---|
min_password_len |
Minimum number of characters required.
|
max_password_len |
Maximum number of characters. Always set max_password_len to a value greater than min_password_len. Range – 13 to 30 (default 30). |
password_lowercase_required |
Whether lowercase characters are required.
|
password_uppercase_required |
Whether uppercase characters are required.
|
password_numeric_required |
Whether a numeric character is required.
|
password_special_required |
Whether a special character is required.
|
simple_passwords_allowed |
If you set this option (or "simple_passwords_allowed") to false, Replication Server does not allow the password to contain the user name or any values from a user password dictionary.
You can create the password dictionary in the RSSD in the
rs_dictionary system table. The table does
not store default values. You must create your own scripts to
insert values into the table. For
example:
insert into rs_dictionary (words) values (“abcd”); insert into rs_dictionary (words) values (“1234”); |
disallowed_prev_passwords |
Number of previous passwords that cannot be reused when the user changes his or her password.
The parameter value does not apply to a user password when the administrator is resetting the password. |
password_expiration |
Number of days after which the password expires.
You can use password_expiration with alter user and create user. If the password has expired, Replication Server locks the account and notifies the user that the password has expired. If the user does not reset his password, he or she cannot log in once disconnected until the administrator resets the password. The new password must meet all the password requirements. Passwords do not expire for any user that rs_init creates with connect source permission or the ID user. These passwords override any setting for password_expiration that you set for all users in the Replication Server. Databases, other Replication Servers, and Replication Agents use user IDs with connect source permission. Administrators set the password to not expire for any user that is created for Replication Agent or an RSI. |
initial_password_expiration |
Number of days after which the initial password expires.
An initial password for a user is the password set by the administrator when creating the user or when resetting the user password. |
max_failed_logins |
Maximum number of failed login attempts Replication Server allows before locking the account.
Replication Server locks the account according to the time interval set in password_lock_interval. |
password_lock_interval |
Number of minutes that an account remains locked if the user reaches the maximum number of login attempts set in max_failed_logins.
|
unused_login_expiration |
Number of days after which an unused user account expires.
Replication Server locks an account that remains unused for longer than unused_login_expiration. The administrator can reactivate the acount by resetting the password. |
configure replication server set min_password_len to '8'
configure replication server set password_expiration to '90'