Vertica Profile PASSWORD_REUSE_MAX PASSWORD_REUSE_TIME was not enforced
Hi I have created a profile and a user userabc with that profile
username: userabc password: password1234
CREATE PROFILE new_profile LIMIT PASSWORD_REUSE_MAX 3 PASSWORD_REUSE_TIME 10;
when I change the password to "password12345" and change the password again back to "password1234", I'm excepting the password change to be rejected since PASSWORD_REUSE_MAX is set to 3. I shouldn't be able to use back the old password.
I changed the password with the following command
ALTER USER userabc IDENTIFIED BY 'password12345' REPLACE 'password1234'; ALTER USER userabc IDENTIFIED BY 'password1234' REPLACE 'password12345';
Did I miss out some setting?
Thanks a lot for your help vertica community.
0
Comments
Hi chowenbin,
What version of Vertica are you using. I tried this in 9.0.1 and it worked as you expected.
logged as admin
VMart=> CREATE PROFILE new_profile LIMIT PASSWORD_REUSE_MAX 3 PASSWORD_REUSE_TIME 10;
CREATE PROFILE
VMart=> create user userabc identified by 'password1234' profile new_profile;
CREATE USER
logged as user
userabc=> ALTER USER userabc IDENTIFIED BY 'password12345' REPLACE 'password1234';
ALTER USER
userabc=> ALTER USER userabc IDENTIFIED BY 'password1234' REPLACE 'password12345';
ROLLBACK 2302: Can not reuse the previous 3 passwords
HINT: Please check PASSWORD_REUSE_MAX in user's profile
Regards,
@s_crossman - It does not work when using a non MD5 hash authenticated password. There is a JIRA to address this.