Vertica Profile PASSWORD_REUSE_MAX PASSWORD_REUSE_TIME was not enforced

choowenbin

Hi I have created a profile and a user userabc with that profile

username: userabc password: password1234

CREATE PROFILE new_profile
  LIMIT PASSWORD_REUSE_MAX 3
        PASSWORD_REUSE_TIME 10;

when I change the password to "password12345" and change the password again back to "password1234", I'm excepting the password change to be rejected since PASSWORD_REUSE_MAX is set to 3. I shouldn't be able to use back the old password.

I changed the password with the following command

ALTER USER userabc 
IDENTIFIED BY 'password12345' 
REPLACE 'password1234';

ALTER USER userabc 
IDENTIFIED BY 'password1234' 
REPLACE 'password12345';

Did I miss out some setting?

Thanks a lot for your help vertica community.

s_crossman

Hi chowenbin,

What version of Vertica are you using. I tried this in 9.0.1 and it worked as you expected.

logged as admin

VMart=> CREATE PROFILE new_profile LIMIT PASSWORD_REUSE_MAX 3 PASSWORD_REUSE_TIME 10;
CREATE PROFILE
VMart=> create user userabc identified by 'password1234' profile new_profile;
CREATE USER

logged as user

userabc=> ALTER USER userabc IDENTIFIED BY 'password12345' REPLACE 'password1234';
ALTER USER
userabc=> ALTER USER userabc IDENTIFIED BY 'password1234' REPLACE 'password12345';
ROLLBACK 2302: Can not reuse the previous 3 passwords
HINT: Please check PASSWORD_REUSE_MAX in user's profile

Regards,

Jim_Knicely

@s_crossman - It does not work when using a non MD5 hash authenticated password. There is a JIRA to address this.