[
https://issues.apache.org/jira/browse/DERBY-5647?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13227589#comment-13227589
]
Rick Hillegas commented on DERBY-5647:
--------------------------------------
Thanks for buddy-testing NATIVE authentication, Knut.
This behavior is deliberate although I can see that it is confusing. We want to
encourage the DBO to change her password regularly--probably her password is
the most important one in the database. However, we don't want to actually lock
out the DBO if she goes on vacation and her password expires while she's on the
beach. That would orphan the application. I can think of several approaches to
this issue:
1) Change the error message so that it indicates that the DBO's password won't
actually expire. Something like:
Your password will expire in 0 day(s). Please use the
SYSCS_UTIL.SYSCS_MODIFY_PASSWORD procedure to change your password. Note that
if you are the database owner, your password will still be valid after the
expiration date, but you are urged to update your password.
2) Produce a different error message if the user is the DBO:
Your password will become stale in 0 day(s). You should update your password
soon in order to protect the database. Please use the
SYSCS_UTIL.SYSCS_MODIFY_PASSWORD procedure to change your password.
3) Abandon the goal of preventing the DBO from locking herself out. Let the
DBO's password truly expire and therefore let the database become truly
unusable.
What are your thoughts?
Thanks,
-Rick
> NATIVE warns about password expiry for DBO
> ------------------------------------------
>
> Key: DERBY-5647
> URL: https://issues.apache.org/jira/browse/DERBY-5647
> Project: Derby
> Issue Type: Bug
> Components: Services
> Affects Versions: 10.9.0.0
> Reporter: Knut Anders Hatlen
> Priority: Minor
>
> The DBO's password cannot expire. Still, NATIVE warns that the password is
> about to expire.
> ij> connect 'jdbc:derby:authdb;create=true;user=admin';
> ij> call
> syscs_util.syscs_set_database_property('derby.authentication.native.passwordLifetimeMillis',
> '100');
> 0 rows inserted/updated/deleted
> ij> call syscs_util.syscs_create_user('ADMIN', '%*$');
> 0 rows inserted/updated/deleted
> ij> call
> syscs_util.syscs_set_database_property('derby.authentication.provider',
> 'NATIVE::LOCAL');
> 0 rows inserted/updated/deleted
> ij> connect 'jdbc:derby:authdb;shutdown=true';
> ERROR 08006: Database 'authdb' shutdown.
> ij> connect 'jdbc:derby:authdb;user=admin;password=%*$';
> WARNING 01J15: Your password will expire in 0 day(s). Please use the
> SYSCS_UTIL.SYSCS_MODIFY_PASSWORD procedure to change your password.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
