cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

HANA Password Policy maximum_password_lifetime

Go to solution
Former Member

on ‎04-18-2014 5:04 PM

0 Kudos

With the indexserver.ini file, you can overwrite default system settings, such as the ones defined for the password policy. In my case, I have



[password policy]


last_used_passwords = 0 


maximum_password_lifetime = 0 


force_first_password_change = false

According to M_PASSWORD_POLICY - SAP HANA SQL and System Views References - SAP Library this has a value in days, but it does not tell you what the edge cases are. Does 0 mean the password is not good at all? Does it mean its good up to just shy of 1 day? Or, what I am trying to achieve, does this mean that the password is valid forever? Or, would valid forever be indicated by a negative number or some string?

An answer would be great, but a reference to a document defining these situations with the password policy would be preferred!

Thanks,

Kevin

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

johannes_hoenger
Explorer
‎05-26-2014 10:54 AM

Maximum Password Lifetime:

"The number of days after which a user's initial password (or any password set by a user administrator) expires if the user has not logged on

You must enter a value of at least 1.

A user administrator exclude users from this password check with the following SQL statement: ALTER USER <user_name> DISABLE PASSWORD LIFETIME. However, this is recommended only for technical users only, not database users that correspond to real people.

A user administrator can re-enable the password lifetime check for a user with the following SQL statement: ALTER USER <user_name> ENABLE PASSWORD LIFETIME."

(see: http://help.sap.com/hana/SAP_HANA_Administration_Guide_en.pdf)

Show replies
Show replies
Former Member
‎05-27-2014 3:23 PM
0 Kudos

Thanks for providing the reference! I was probably referencing older and/or different documents that did not have these details spelled out.

OttoGold
Active Contributor
‎01-21-2016 3:12 PM
0 Kudos

Hello Johannes,

sorry for disturbing the peace of an old thread, but it is related and you seem to be knowledgeable about this thing

I would like to list users that are excluded from the password check as achieved with this DISABLE PASSWORD LIFETIME. Where can I find the flag in the tables please?

cheers Otto

Paul_Ka
Participant
‎04-22-2016 9:07 AM
0 Kudos

Hi Otto,

You can run this statement.



select SYS.P_USERS_.NAME, SYS.P_USERS_.OID,SYS.P_USER_PASSWORD_.PASSWORD_CHANGE_TIME from


SYS.P_USER_PASSWORD_ right join SYS.P_USERS_ on 


SYS.P_USER_PASSWORD_.OID = SYS.P_USERS_.OID


where SYS.P_USER_PASSWORD_.PASSWORD_CHANGE_TIME is null

Cheers,

Pawel

Answers (0)

Ask a Question