Chapter 1: System Procedures

sp_modifylogin

Description

Modifies the default database, default language, default role activation, login script, full name, the password expiration interval, the minimum password length, and the maximum number of failed logins allowed for a specified Adaptive Server login account.

Syntax

sp_modifylogin {loginame | “all overrides”}, option, value

Parameters

loginame: is the login account to be modified.

"all overrides"

removes the system overrides that were set using the "passwd expiration", "min passwd length", or "max failed_logins" parameters. To remove all the login-specific values, specify:

sp_modifylogin "all overrides", "option", "-1"

option

specifies the name of the option to be changed. Table 1-16 lists valid options and their descriptions.

**Table 1-16: sp_modifylogin option variable and definitions**
Option	Definition
authenticate with	Authenticates the login. Specify these values: ASE – use Adaptive Server internal authentication using syslogin passwords. LDAP – use external authentication with an LDAP Server. PAM – use external authentication with PAM. ANY – by default, users are authenticated using this authentication method. A user with ANY authentication means that Adaptive Server checks if there is any external authentication mechanism defined, and if there is, it is used. Otherwise, it uses ASE authentication.
defdb	The “home” database to which the user is connected when he or she logs in.
deflanguage	The official name of the user’s default language.
fullname	The user’s full name.
"add default role"	The role or roles to be activated by default at login.
"drop default role"	The role or roles to be dropped from the list of roles activated by default at login. This option affects only user-defined roles, not system roles.
"passwd expiration"	The password expiration interval in days. It can be anyvalue between 0 and 32767, inclusive.
"min passwd length"	The minimum password length required for the specified login. It can be any value between 0 and 30, inclusive. 0 specifies that no password is required. The default is 6.
"max failed_logins"	The number of allowable failed login attempts for the specified login. It can be any value between 0 and 32767, inclusive.
login script	Name of the stored prodecure to run automatically when user logs in.

value: is the value of the option you specified for the option parameter. The value parameter is a character datatype; therefore, quotes are required for positive and negative numeric values.

Examples

Example 1

Changes the default database for “sarah” to pubs2:

sp_modifylogin sarah, defdb, "pubs2"

Example 2

Sets the default language for “claire” to French:

sp_modifylogin claire, deflanguage, "french"

Example 3

Changes the full name of user “clemens” to “Samuel Clemens”:

sp_modifylogin clemens, fullname, "Samuel Clemens"

Example 4

Adds the specialist role to the list of roles activated by default when user csmith logs in:

sp_modifylogin csmith, "add default role", specialist_role

Example 5

Drops the intern role from the list of roles activated by default when user “hpillai” logs in:

sp_modifylogin hpillai, "drop default role", intern_role

Example 6

Changes the maximum number of failed login attempts for the login “joe” to 40:

sp_modifylogin "joe", "max failed_logins", "40"

Example 7

Changes the overrides for maximum failed login attempts of all logins to 3:

sp_modifylogin "all overrides", "max failed_logins", "3"

Example 8

Removes the overrides for maximum failed logins option for all logins:

sp_modifylogin "all overrides", "max failed_logins", "-1"

Example 9

The login account named “nightlyjob” can only authenticate using local ASE authentication, and not an external mechanism such as LDAP or PAM:

sp_modifylogin "nightlyjob", "authenticate with", "ASE"

Example 10

Runs the proc_p1 script when Bob1 logs in to Adaptive Server:

sp_modifylogin Bob1, 'login script', proc_p1

Usage

Set a default database, language, or full name either with sp_modifylogin or with sp_addlogin when first adding the user’s login to Adaptive Server.
- If you do not specify a default database, the user’s default is master.
- If you do not specify a language, the user’s default language is set to the server’s default language.
- If you do not specify a full name, that column in syslogins remains blank.
If there are any login triggers associated with the login in question, they are listed after the Auto Login Script line. For more information, see in “Row-level access control” in Chapter 11, “Managing User Permissions” of the System Administration Guide.
You cannot use double quotes in the script name for the login script option. For example, Adaptive Server issues an error message it you specify a login script named "script"name".
For more information about password expiration interval, minimum password length, and max imum number of failed logins, see “User-Defined Login Security” in the System Administration Guide.

Changing a user’s default database

After sp_modifylogin is executed to change the user’s default database, the user is connected to the new defdb the next time he or she logs in. However, the user cannot access the database until the Database Owner gives the user access through sp_adduser or sp_addalias, or unless there is a “guest” user in the database’s sysusers table. If the user does not have access to the database by any of these means, she or he is connected to master and an error message appears.
If a user’s default database is dropped, or if the user is dropped from the database, the user is connected to master on his or her next login, and an error message appears.
If a user’s default language is dropped from the server, the server-wide default language is used as the initial language setting, and a message appears.

Changing a user’s role activation

Use sp_modifylogin to set a role to be activated by default at login or to drop a role from those activated by default at login.

Permissions

A user can use sp_modifylogin to change their default database, default language, and full name. Only a System Administrator or System Security Officer can execute sp_modifylogin to change the default database, default language, or full name of another user. Only a System Security Officer can execute sp_modifylogin to activate another user’s roles by default at login, change the password expiration interval, the minimum password length, the maximum number of failed logins allowed, and the login script associated with a specified login.

Auditing

Values in event and extrainfo columns from the sysaudits table are:

Event	Audit option	Command or access audited	Information in extrainfo
38	exec_procedure	Execution of a procedure	Roles – Current active roles Keywords or options – NULL Previous value – NULL Current value – NULL Other information – All input parameters Proxy information – Original login name, if set proxy in effect