[jira] [Commented] (DERBY-5648) Unclear password expiry warning when using separate credentials db

Mon, 12 Mar 2012 08:37:02 -0700 

    [ 
https://issues.apache.org/jira/browse/DERBY-5648?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13227612#comment-13227612
 ] 

Knut Anders Hatlen commented on DERBY-5648:
-------------------------------------------

Option 2 sounds fine to me.

Another question is whether there should have been an error when calling 
SYSCS_MODIFY_PASSWORD on a database that's not a credentials database. But I 
suppose that must be allowed so that the password of the DBO can be set before 
NATIVE is enabled? Maybe SYSCS_MODIFY_PASSWORD (and SYSCS_RESET_PASSWORD) 
should fail, though, if there is no entry for the specified user in the local 
SYS.SYSUSERS table?
                
> Unclear password expiry warning when using separate credentials db
> ------------------------------------------------------------------
>
>                 Key: DERBY-5648
>                 URL: https://issues.apache.org/jira/browse/DERBY-5648
>             Project: Derby
>          Issue Type: Improvement
>          Components: Services
>    Affects Versions: 10.9.0.0
>            Reporter: Knut Anders Hatlen
>            Priority: Minor
>
> If you log on to a database (other than the credentials db) and your password 
> is about to expire, you'll be advised to change your password using the 
> SYSCS_UTIL.SYSCS_MODIFY_PASSWORD procedure. However, the warning message does 
> not say you need to log on to the credentials db to change your password. 
> This may lead the user to modify the password in the current database instead 
> of the credentials database, thinking everything is well.
> ij(CONNECTION1)> connect 'jdbc:derby:otherdb;user=test;password=abc';
> WARNING 01J15: Your password will expire in 0 day(s). Please use the 
> SYSCS_UTIL.SYSCS_MODIFY_PASSWORD  procedure to change your password.
> ij(CONNECTION2)> CALL SYSCS_UTIL.SYSCS_MODIFY_PASSWORD('new-password');
> 0 rows inserted/updated/deleted
> ij(CONNECTION2)> connect 'jdbc:derby:otherdb;user=test;password=new-password';
> ERROR 08004: Connection authentication failure occurred.  Reason: Invalid 
> authentication..
> Even though SYSCS_MODIFY_PASSWORD succeeds, the password has not been updated 
> in the credentials db.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to