cancel
Showing results for 
Search instead for 
Did you mean: 

We are trying Set up DB2 user passwords to never expire and we need a Technical Justification Document.

0 Kudos

We are trying Set up DB2 user passwords to never expire and we need a Technical Justification Document.

Accepted Solutions (1)

Accepted Solutions (1)

manumohandas82
Active Contributor
0 Kudos

Hi  Krishna ,

Can you detail on your requirement .

Is it that, you want to know why the users should be set to never exiprable

Thanks ,

Manu

0 Kudos

Yes, I want to know the exact reason why we are setting the never expire password in DB2 for Technical Justification .

manumohandas82
Active Contributor
0 Kudos

Hi Krishna ,

If your DB2 system is the backend DB   of an SAP system  then  the users  that are generally set to non expirable are sap<sid> , sap<sid>db ( if java ), sapadm etc .

Normally an SAP system is installed with the confidence that it is highly available , ie it is available for end user to access 24/7 

The SAP connects to the DB using the sap<sid> user and incase this user gets expired  all the db operations will be hanging back eventually failing . (The user password will expire any time )This does not help in assuring that the system is HA/ near HA  . [A time critical job might fail , an important update might fail]

Hence we set the passsword to never expirable .

If their is a password policy for the client  such that  every password should be changed then the above comes in conflict . You have the option to define a process to cater this . Normally the password is changed every quarter/year depending on the security policy

Thanks ,

Manu

.

Answers (1)

Answers (1)

former_member213250
Active Participant
0 Kudos

Hi Krishna

I think that is not possible.
You can check in DB administration Guide SAP on IBM DB2 for LUW chapter 4 : User Management. I couldn't find any exact document saying unlimited password. May be in roles you can try to set it expiry as unlimited option.

Regards
Venkat

manumohandas82
Active Contributor
0 Kudos

Hi Venkat ,

DB2 uses OS authentication methods , Hence the users can be set to passords which are never expirable ,using OS methods .

We have done this in our AIX system believe this can be done on otheOS as well

Thanks

Manu