The following sp_passwordpolicy options are new to Adaptive Server 15.0.2. sp_passwordpolicy was introduced in Adaptive Server 12.5.4. All sp_passwordpolicy options from 12.5.4 are also included in Adaptive Server 15.0.2. For more information, see Chapter 25, “Security Enhancements.”
The following syntax expires the password of a role, all roles or roles matching a wild-card pattern. The column status in master database catalog syssrvroles is updated with a status bit ROLE_EXPIRED (0x4) to indicate the password is expired:
sp_passwordpolicy "expire role passwords", "[rolename | wildcard]"
The following syntax expires login passwords, all logins or logins matching a wild card pattern. The column status in master database catalog syslogins is updated with a status bit LOGIN_EXPIRED (0x4) to indicate the password is expired.
sp_passwordpolicy "expire login passwords", "[login name | wildcard]"
The following syntax expires login passwords have not been changed after a datetime specified. The column status in master database catalog syslogins is updated with a status bit LOGIN_EXPIRED (0x0004) to indicate that the password is expired. See “Entering Date and Time Data” in Adaptive Server 15.0 Reference Manual: Building Blocks, Chapter 1, “System and User Defined Datatypes” for an explanation of how datetime values are entered.
sp_passwordpolicy "expire stale login passwords", "datetime"
The following syntax expires role passwords have not been changed after a datetime specified. The column status in master database catalog syssrvroles is updated with a status bit ROLE_EXPIRED (0x4) to indicate the password is expired.
sp_passwordpolicy "expire stale role passwords", "datetime"
The following syntax generates the asymmetric key pairs to be used for network login password encryption.There is no catalog update for this option; the actions occur only in memory fields.
sp_passwordpolicy "regenerate keypair"
New password policy option “enable last login updates” is used to enable or disable code in Adaptive Server authentication that records the timestamp when each login occurs.The first parameter “set” sets the value of this attribute.The parameter “list” displays the current value of the attribute, and the parameter "clear" deletes the row from sysattributes. On upgrade or new installation, this attribute does not exist in sysattributes. The login timestamp occurs when the attribute row does not exist or has a value of 1. The login timestamp is not maintained if the attribute value is 0.
sp_passwordpolicy "set", "enable last login updates", 1 or 0
sp_passwordpolicy "list", "enable last login updates"
sp_passwordpolicy "clear", "enable last login updates"
The following syntax ends the password downgrade period. During the password downgrade period, passwords are stored in syslogins in both old and new encodings to allow user passwords to retained if the server is downgraded, for example, to Adaptive Server 15.0.2.
sp_passwordpolicy 'set' 'allow password downgrade', 0
