How come password_reuse_max is not enforced?
Hi I have created a profile and a user userabc with that profile
username: userabc
password: password1234
CREATE PROFILE new_profile LIMIT PASSWORD_REUSE_MAX 3 PASSWORD_REUSE_TIME 10;
when I change the password to "password12345" and change the password again back to "password1234", I'm excepting the password change to be rejected since PASSWORD_REUSE_MAX is set to 3. I shouldn't be able to use back the old password.
I changed the password with the following command
ALTER USER userabc IDENTIFIED BY 'password12345' REPLACE 'password1234'; ALTER USER userabc IDENTIFIED BY 'password1234' REPLACE 'password12345';
Did I miss out some setting?
Thanks a lot for your help vertica community.
0
Answers
Did you assign the profile to the user?
Example:
This step is very important:
Now try it:
Hi Jim yes I did
Hi Jim I ran it in sequence and I'm able to change the password to old password
We are using vertica version 8.0 jdbc driver 7.2.3
What SQL tool are you using? I tried the script in VSQL first where it worked, then I tried DbVisualizer which uses JDBC. Works fine there too (see attachment). Although, I am using Vertica 9.2 and matching JDBC driver.
Make sure the user actually has the profile set:
I did a cursory search for bugs in Vertica 8 for what you are seeing but could not find anything obvious. Are you using a password security algorithm other than MD5?
Run this:
I'm using DBeaver 5.1.1
results for
We are using SHA512 for password security algorithm
Ok. That's this issue.
Let me check on an old JIRA that discusses this and I will get back to you,
Thanks for your awesome support!