Click here to view and discuss this page in DocCommentXchange. In the future, you will be sent there automatically.

SAP Sybase SQL Anywhere 16.0 » SQL Anywhere Server - Database Administration » User and database security » User security (roles and privileges) » Passwords » Dual control passwords

 

Setting a dual control password (SQL)

Set a dual control password or change the first or last part of a dual control password. This feature prevents an administrator from knowing a user's complete password.

Prerequisites

You must have the CHANGE PASSWORD system privilege.

The target user must have the change_password_dual_control option enabled in their login policy.

Context and remarks

Another administrator must change the other part of the password. The user combines the two password parts and uses this combined password to connect to the database.

Password parts are case-sensitive and they cannot:

  • begin with white space, single quotes, or double quotes
  • end with white space
  • contain semicolons
  • be longer than 127 bytes in length
 Task
  1. Connect to the database.

  2. An administrator executes the following statement to set the first part of the dual control password, and then communicates password-part1 to the user:

    ALTER USER user-name IDENTIFIED FIRST BY password-part1;
  3. Another administrator executes the following statement to set the second part of the dual control password, and then communicates password-part2 to the user.

    ALTER USER user-name IDENTIFIED LAST BY password-part2;

Results

The password for the target user is set to use the combined first and last password parts (password-part1 password-part2).

Next

The target user connects to the database using the combined parts as their password, and is prompted to create a new password.

 See also