Sybase NNTP forums - End Of Life (EOL)

The NNTP forums from Sybase - forums.sybase.com - are now closed.

All new questions should be directed to the appropriate forum at the SAP Community Network (SCN).

Individual products have links to the respective forums on SCN, or you can go to SCN and search for your product in the search box (upper right corner) to find your specific developer center.

minimum password length

4 posts in General Discussion Last posting was on 2011-08-25 20:49:35.0Z
dev Posted on 2011-08-25 17:14:42.0Z
Sender: 7a9e.4e52c0cf.1804289383@sybase.com
From: Dev
Newsgroups: sybase.public.ase.general
Subject: minimum password length
X-Mailer: WebNews to Mail Gateway v1.1t
Message-ID: <4e568302.5cba.1681692777@sybase.com>
NNTP-Posting-Host: 10.22.241.41
X-Original-NNTP-Posting-Host: 10.22.241.41
Date: 25 Aug 2011 10:14:42 -0700
X-Trace: forums-1-dub 1314292482 10.22.241.41 (25 Aug 2011 10:14:42 -0700)
X-Original-Trace: 25 Aug 2011 10:14:42 -0700, 10.22.241.41
Lines: 9
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub sybase.public.ase.general:30500
Article PK: 72680

Hi

We have an audit requirement to change minimum password
length on server from 1 -> 6. Does this only impact accounts
where password expires in future. Does anyone know how to
check existing accounts which are set with password length
of 1 so we can conclude on risk?

Thanks


Bret Halford Posted on 2011-08-25 18:30:39.0Z
From: Bret Halford <bret@sybase.com>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20110812 Thunderbird/6.0
MIME-Version: 1.0
Newsgroups: sybase.public.ase.general
Subject: Re: minimum password length
References: <4e568302.5cba.1681692777@sybase.com>
In-Reply-To: <4e568302.5cba.1681692777@sybase.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
NNTP-Posting-Host: vip152.sybase.com
X-Original-NNTP-Posting-Host: vip152.sybase.com
Message-ID: <4e5694cf$1@forums-1-dub>
Date: 25 Aug 2011 11:30:39 -0700
X-Trace: forums-1-dub 1314297039 10.22.241.152 (25 Aug 2011 11:30:39 -0700)
X-Original-Trace: 25 Aug 2011 11:30:39 -0700, vip152.sybase.com
Lines: 17
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub sybase.public.ase.general:30501
Article PK: 72679


On 8/25/2011 11:14 AM, Dev wrote:
> Hi
>
> We have an audit requirement to change minimum password
> length on server from 1 -> 6. Does this only impact accounts
> where password expires in future. Does anyone know how to
> check existing accounts which are set with password length
> of 1 so we can conclude on risk?
>
> Thanks

The limit can only be checked when a new password is being
created. There is now way to tell (from within ASE) how many
characters an encrypted password has.

-bret


dev Posted on 2011-08-25 20:26:00.0Z
Sender: 681c.4e56af67.1804289383@sybase.com
From: Dev
Newsgroups: sybase.public.ase.general
Subject: Re: minimum password length
X-Mailer: WebNews to Mail Gateway v1.1t
Message-ID: <4e56afd8.6829.1681692777@sybase.com>
References: <4e5694cf$1@forums-1-dub>
NNTP-Posting-Host: 10.22.241.41
X-Original-NNTP-Posting-Host: 10.22.241.41
Date: 25 Aug 2011 13:26:00 -0700
X-Trace: forums-1-dub 1314303960 10.22.241.41 (25 Aug 2011 13:26:00 -0700)
X-Original-Trace: 25 Aug 2011 13:26:00 -0700, 10.22.241.41
Lines: 22
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub sybase.public.ase.general:30502
Article PK: 72682


> On 8/25/2011 11:14 AM, Dev wrote:
> > Hi
> >
> > We have an audit requirement to change minimum password
> > length on server from 1 -> 6. Does this only impact
> > accounts where password expires in future. Does anyone
> > know how to check existing accounts which are set with
> > password length of 1 so we can conclude on risk?
> >
> > Thanks
>
> The limit can only be checked when a new password is being
> created. There is now way to tell (from within ASE) how
> many characters an encrypted password has.
>
> -bret
>

Thanks Bret
Do you think changing minimum password length (via
sp_passwordpolicy) from 1 -> 6 could impact in anyaway
existing aacounts?


Bret Halford Posted on 2011-08-25 20:49:35.0Z
From: Bret Halford <bret@sybase.com>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20110812 Thunderbird/6.0
MIME-Version: 1.0
Newsgroups: sybase.public.ase.general
Subject: Re: minimum password length
References: <4e5694cf$1@forums-1-dub> <4e56afd8.6829.1681692777@sybase.com>
In-Reply-To: <4e56afd8.6829.1681692777@sybase.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
NNTP-Posting-Host: vip152.sybase.com
X-Original-NNTP-Posting-Host: vip152.sybase.com
Message-ID: <4e56b55f$1@forums-1-dub>
Date: 25 Aug 2011 13:49:35 -0700
X-Trace: forums-1-dub 1314305375 10.22.241.152 (25 Aug 2011 13:49:35 -0700)
X-Original-Trace: 25 Aug 2011 13:49:35 -0700, vip152.sybase.com
Lines: 28
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub sybase.public.ase.general:30503
Article PK: 72681


On 8/25/2011 2:26 PM, Dev wrote:
>> On 8/25/2011 11:14 AM, Dev wrote:
>>> Hi
>>>
>>> We have an audit requirement to change minimum password
>>> length on server from 1 -> 6. Does this only impact
>>> accounts where password expires in future. Does anyone
>>> know how to check existing accounts which are set with
>>> password length of 1 so we can conclude on risk?
>>>
>>> Thanks
>>
>> The limit can only be checked when a new password is being
>> created. There is now way to tell (from within ASE) how
>> many characters an encrypted password has.
>>
>> -bret
>>
>
> Thanks Bret
> Do you think changing minimum password length (via
> sp_passwordpolicy) from 1 -> 6 could impact in anyaway
> existing aacounts?

Only if they try to change their password to one less
than 6 characters.

-bret