security policy - password history

Hi,

Based on what I have gathered so far Sybase 12 does not have
"Password History" capabilities on their user security
policy (i.e. users cannot use his/her last 3 passwords). Can
anyone confirm this?

Is there a workaround? Is it now supported in ASE 15?

Appreciate it.

Thanks
0
alex
1/6/2011 10:08:00 PM

Hello,

I believe support was added for this in ASE 12.5.4, see the 
documentation regarding "sp_extrapwdchecks".

Here is a link to the 15 docs:
http://infocenter.sybase.com/help/topic/com.sybase.infocenter.dc31654.1550/html/sag1/BGBIHBFD.htm

0
Neal
1/6/2011 10:17:03 PM
On 1/6/2011 3:08 PM, alex wrote:
> Hi,
>
> Based on what I have gathered so far Sybase 12 does not have
> "Password History" capabilities on their user security
> policy (i.e. users cannot use his/her last 3 passwords). can
> anyone confirm this?
>
> Is there a workaround? Is it now supported in ASE 15?
>
> Appreciate it.
>
> Thanks


Password history checks can be coded into the sp_extrapwdchecks
stored procedure, which was introduced in 12.5.4 and 15.0.2 versions
under CR 300579.

An example of how to code password history checks is in the docs
http://infocenter.sybase.com/help/topic/com.sybase.infocenter.dc31654.1502/html/sag1/sag1665.htm 


0
Bret
1/6/2011 10:22:27 PM
<alex> wrote in message news:4d263d40.2c72.1681692777@sybase.com...
> Hi,
>
> Based on what I have gathered so far Sybase 12 does not have
> "Password History" capabilities on their user security
> policy (i.e. users cannot use his/her last 3 passwords). can
> anyone confirm this?
>
> Is there a workaround? Is it now supported in ASE 15?
>
> Appreciate it.
>
> Thanks

The Sybase-provided code that Neal and Bret reference is calendar-based
(i.e., 12 months).  The attached code for ASE 15.0.3 checks the last 24
passwords for non-reusage per login.  Obviously, it is easy to tweak via
@pwdcount.  The other code consideration is whether to include an SSO
password change as one of the 24 versus counting only password changes done
by the user.  I also set auditing of updates to the table since only inserts
and deletes should occur.









[Attachment: xpwdchk.sql]

0
Carl
1/7/2011 3:16:01 PM
Thank you all for your responses. Appreciate it.

> <alex> wrote in message
> > news:4d263d40.2c72.1681692777@sybase.com... Hi,
> >
> > Based on what I have gathered so far Sybase 12 does not
> > have "Password History" capabilities on their user
> > security policy (i.e. users cannot use his/her last 3
> > passwords). can anyone confirm this?
> >
> > Is there a workaround? Is it now supported in ASE 15?
> >
> > Appreciate it.
> >
> > Thanks
>
> The Sybase-provided code that Neal and Bret reference are
> calendar-based (i.e., 12 months).  The attached code for
> ASE 15.0.3 checks the last 24 passwords for non-reusage
> per login.  Obviously, it is easy to tweak via @pwdcount.
> The other code consideration is whether to include an SSO
> password change as one of the 24 versus counting only
> password changes done by the user.  I also set auditing of
> updates to the table since only inserts and deletes should
> occur.
>
>
>
>
>
>
>
>
>
>
> [Attachment: xpwdchk.sql]
0
Alex
1/7/2011 10:50:52 PM
"Carl Kayser" <kayser_c@bls.gov> wrote in message
news:4d272e31$1@forums-1-dub...
>
> <alex> wrote in message news:4d263d40.2c72.1681692777@sybase.com...
>> Hi,
>>
>> Based on what I have gathered so far Sybase 12 does not have
>> "Password History" capabilities on their user security
>> policy (i.e. users cannot use his/her last 3 passwords). can
>> anyone confirm this?
>>
>> Is there a workaround? Is it now supported in ASE 15?
>>
>> Appreciate it.
>>
>> Thanks
>
> The Sybase-provided code that Neal and Bret reference are calendar-based
> (i.e., 12 months).  The attached code for ASE 15.0.3 checks the last 24
> passwords for non-reusage per login.  Obviously, it is easy to tweak via
> @pwdcount.  The other code consideration is whether to include an SSO
> password change as one of the 24 versus counting only password changes
> done
> by the user.  I also set auditing of updates to the table since only
> inserts
> and deletes should occur.
>

Upon further review ... it is not @pwdcount that determines how many
distinct passwords are used by a login.  It is the constant 23 in the while
loop that determines that the last 24 passwords are not re-used.



0
Carl
1/11/2011 2:16:05 PM
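
The count-based policy discussed in this thread (reject the last N passwords per login, with the open question of whether an SSO-initiated change uses up one of the N slots), modelled in Python as an added example. It is not the xpwdchk.sql attachment or Sybase's sample code; the class, its field names and the PBKDF2 hashing are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

PBKDF2_ROUNDS = 100_000  # assumption: illustrative work factor


@dataclass
class Entry:
    salt: bytes
    digest: bytes
    by_sso: bool  # True when an SSO, not the user, set this password


def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class PasswordHistory:
    depth: int = 24                 # the thread's figure: last 24 passwords
    count_sso_changes: bool = True  # the design choice raised in the thread
    entries: dict = field(default_factory=dict)  # login -> [Entry], newest first

    def is_reused(self, login: str, candidate: str) -> bool:
        # Every entry has its own salt, so the candidate is re-hashed per entry.
        return any(
            hmac.compare_digest(_digest(candidate, e.salt), e.digest)
            for e in self.entries.get(login, [])
        )

    def change(self, login: str, new_password: str, by_sso: bool = False) -> bool:
        """Record the change and return True; return False on a reused password."""
        if self.is_reused(login, new_password):
            return False
        salt = os.urandom(16)
        rows = [Entry(salt, _digest(new_password, salt), by_sso)]
        rows += self.entries.get(login, [])
        # Inserts and deletes only: rows past the window are dropped, never updated.
        kept, counted = [], 0
        for e in rows:
            counted += self.count_sso_changes or not e.by_sso
            if counted > self.depth:
                break
            kept.append(e)
        self.entries[login] = kept
        return True
```

With `count_sso_changes=False`, a password set by an SSO is still stored and checked for reuse, but it does not push one of the user's own passwords out of the window.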