Configuration parameters for user-defined login security

This section documents information about configuration parameters for user-defined login security (UDLS), and should go into Chapter 5, “Setting Configuration Parameters,” of the System Administration Guide.


maximum failed logins

This section provides information about maximum failed logins, a new configuration parameter.

Summary information

Name in pre-12.0 version

N/A

Default value

0

Range of values

0 – 32767

Status

Dynamic

Display level

10

Required role

System Security Officer

maximum failed logins allows you to set the server-wide maximum number of failed login attempts for logins and roles. For example, to set the system-wide maximum failed logins to 5, enter:

sp_configure "maximum failed logins", 5

Use create role to set maximum failed logins for a specific role or creation. To create the intern_role role with the password “temp244”, and set maximum failed logins for intern_role to 20, enter:

create role intern_role with passwd "temp244", maximum failed logins 20

Use sp_modifylogin to set or change maximum failed logins for an existing login. To change maximum failed logins for the login “joe” to 40, enter:

sp_modifylogin "joe", @option="maximum failed logins", @value="40"

NoteThe value parameter is a character datatype; therefore, quotes are required for numeric values.

To change the overrides for maximum failed logins for all logins to 3, enter:

sp_modifylogin "all overrides", "maximum failed logins", "3"

To remove the overrides for maximum failed logins option for all logins, enter:

sp_modifylogin "all overrides", @option="maximum failed logins", @value="-1"

Use alter role to set or change the maximum failed logins for an existing role. For example, to change the maximum failed logins allowed for physician_role to 5, enter:

alter role physician_role set maximum failed logins 5

To remove the overrides for maximum failed logins for all roles, enter:

alter role "all overrides" set maximum failed logins -1

check password for digit

This section provides information about check password for digit, a new configuration parameter.

Summary information

Name in pre-12.0 version

N/A

Default value

0

Range of values

1, 0

Status

Dynamic

Display level

10

Required role

System Security Officer

The System Security Officer can tell the server to check for at least one character or digit in a password using the server-wide configuration parameter check password for digit. If set, this parameter does not affect existing passwords. By default, checking for digits is off.

To activate check password for digit functionality, enter:

sp_configure "check password for digit", 1

To deactivate check password for digit functionality, enter:

sp_configure "check password for digit", 0

minimum password length

This section provides information about minimum password length, a new configuration parameter.

Summary information

Name in pre-12.0 version

minimum password length

Default value

6

Range of values

0 – 30

Status

Dynamic

Display level

10

Required role

System Security Officer

minimum password length allows you to customize the length of server-wide password values or per-login or per-role password values to fit your personal needs. The per-login or per-role minimum password length value overrides the server-wide value. Setting minimum password length affects only the passwords you create after you have set the value; existing password lengths are not changed.

Use minimum password length to specify a server-wide value for minimum password length for both logins and roles. For example, to set the minimum password length for all logins and roles to 4 characters, enter:

sp_configure "minimum password length", 4

To set minimum password length for a specific login at creation, use sp_addlogin. For example, to create the new login “joe” with the password “Djdiek3”, and set minimum password length for “joe” to 4, enter:

sp_addlogin joe, "Djdiek3", minimum password length=4

To set minimum password length for a specific role at creation, use create role. To create the new role “intern_role” with the password “temp244” and set the minimum password length for “intern_role” to 0, enter:

create role intern_role with passwd "temp244", minimum password length 0

The original password is seven characters, but the password can be changed to one of any length because the minimum password length is set to 0.

Use sp_modifylogin to set or change minimum password length for an existing login. sp_modifylogin only effects user roles, not system roles. For example, to change minimum password length for the login “joe” to 8 characters, enter:

sp_modifylogin "joe", @option="minimum password length", @value="8"

NoteThe value parameter is a character datatype; therefore, quotes are required for numeric values.

To change the value of the overrides for minimum password length for all logins to 2 characters, enter:

sp_modifylogin "all overrides", "minimum password length", @value="2"

To remove the overrides for minimum password length for all logins, enter:

sp_modifylogin "all overrides", @option="minimum password length", @value="-1"

Use alter role to set or change the minimum password length for an existing role. For example, to set the minimum password length for “physician_role”, an existing role, to 5 characters, enter:

alter role physician_role set minimum password length 5

To override the minimum password length for all roles, enter:

alter role "all overrides" set minimum password length -1