Adaptive Server version 12.5.4 introduces a combination of new and old mechanisms that allows you to establish rules about passwords for new logins or for passwords that are being reset.
As with earlier versions of Adaptive Server, you can:
Require that passwords contain at least one digit.
Require that passwords have at least a minimum length.
Set a password expiration period.
Require that a login will get locked out after a certain number of failed attempts to log in.
Set an individual login to have its own rules for digits, minimum length, and login failures. The per-login rules override the global logins for that user.
However, Adaptive Server version 12.5.4 you can also:
Specify that the login name should not be a substring of the password.
Set a minimum number of special characters for the password.
Set a minimum number of alphabetic characters for the password
Set a minimum number of upper case letters for the password.
Set a minimum number of lower case letters for the password.
Specify that the password must be reset at first log on.
Set a minimum number of digits for the password.
Set password expiration warning interval.
You can set each of these new options in the Adaptive Server plug-in, or you can use a new stored procedure:
sp_passwordpolicy 'set', option, value
For information about each new option and its valid values, see New password complexity checks below.
Setting new password complexity options creates a row for each option in the sysattributes table. As long as the row for the new option exists, precedence checking uses the new option value and ignores any older corresponding option values.
To return to earlier versions of password rules, either unselect the password complexity options using the Adaptive Server plug-in, or use:
sp_passwordpolicy 'clear’, option
The new password complexity options also have cross checks. For example, if the sum of the min lower case in password and min upper case in password is greater than the min alpha in password, a warning message displays.
