Tutorial on SAP Sybase ASE Password Policy

In this post, we shall cover the password policy of SAP Sybase ASE in depth. Password policy is an integral part of a Database Administrator's job, and it is getting more and more attention now that hacking incidents have increased post pandemic. Security departments want to ensure that passwords meet the most stringent norms possible, and it has also become a compliance issue.

SAP Sybase ASE supports a plethora of password policy options, and you may implement many of them depending on the needs of your organization. Basically, there are three types of command for Sybase password policy: one for listing, one for setting and one for clearing.

As the names suggest, listing shows which options are currently set and in effect in the environment, setting configures a password policy option with the desired value, and clearing removes a password option when it is no longer required.

You can get all of these details just by executing sp_passwordpolicy in a Sybase client tool, as below:

Now, let's cover these one by one. First, listing the password policy:

sp_passwordpolicy 'list', 'min digits in password'
go
sp_passwordpolicy 'list', 'min alpha in password'
go
sp_passwordpolicy 'list', 'min special char in password'
go
sp_passwordpolicy 'list', 'min upper char in password'
go
sp_passwordpolicy 'list', 'min lower char in password'
go
sp_passwordpolicy 'list', 'minimum password length'
go
sp_passwordpolicy 'list', 'maximum failed logins'
go
sp_passwordpolicy 'list', 'password exp warn interval'
go
sp_passwordpolicy 'list', 'systemwide password expiration'
go
sp_passwordpolicy 'validate password options'
go

The commands above list these password policy options one by one. Alternatively, you may save them in a SQL file and write the output to a text file using the isql utility.

Now, let's talk about setting the password policy options one by one; at the end, we need to validate them:

sp_passwordpolicy 'set', 'min digits in password', '1' -- Check password for digits
go
sp_passwordpolicy 'set', 'min alpha in password', '2' -- Check password for alphabets
go
sp_passwordpolicy 'set', 'min special char in password', '1' -- Check password for special characters
go
sp_passwordpolicy 'set', 'min upper char in password', '1' -- Check number of upper case characters
go
sp_passwordpolicy 'set', 'min lower char in password', '1' -- Check password for lower case
go
sp_passwordpolicy 'set', 'minimum password length', '8' -- Minimum password length
go

This same set of commands includes an option to validate the password policy, that is, to check whether any option invalidates another. Suppose you have set the minimum password length to 8 and then set the minimum number of special characters to 9: the second setting invalidates the first. That is the reason we need to ensure that the validate password options command does not return any failure:

sp_passwordpolicy 'validate password options'
go

You can experiment with the available options and check validate password options in a Test environment before applying them on the Production server.
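The conflict described above (minimum length 8, minimum special characters 9) can also be caught before anything reaches the server. The following Python sketch is an added example, not part of the original post and not SAP code: it checks a proposed set of values and only then builds the isql batch. The two consistency rules and the function names find_conflicts and render_statements are assumptions made for illustration; the server's own validate password options command remains the authoritative check.

```python
"""Added example: offline pre-check of proposed sp_passwordpolicy values."""
# Assumptions (not confirmed by the tutorial): values are non-negative integers,
# and a policy conflicts when its minimum counts cannot fit together.

CLASS_OPTIONS = ("min digits in password", "min alpha in password",
                 "min special char in password")
CASE_OPTIONS = ("min upper char in password", "min lower char in password")
LENGTH = "minimum password length"
ALPHA = "min alpha in password"


def find_conflicts(policy):
    """Return a list of conflict messages for a dict of option -> int."""
    conflicts = []
    class_total = sum(policy.get(name, 0) for name in CLASS_OPTIONS)
    if LENGTH in policy and class_total > policy[LENGTH]:
        conflicts.append(
            f"digits + alpha + special = {class_total} exceeds "
            f"'{LENGTH}' = {policy[LENGTH]}")
    case_total = sum(policy.get(name, 0) for name in CASE_OPTIONS)
    if ALPHA in policy and case_total > policy[ALPHA]:
        conflicts.append(
            f"upper + lower = {case_total} exceeds '{ALPHA}' = {policy[ALPHA]}")
    return conflicts


def render_statements(policy):
    """Build the isql batch for a policy; refuse to build an inconsistent one."""
    conflicts = find_conflicts(policy)
    if conflicts:
        raise ValueError("; ".join(conflicts))
    lines = []
    for name, value in policy.items():
        lines += [f"sp_passwordpolicy 'set', '{name}', '{int(value)}'", "go"]
    lines += ["sp_passwordpolicy 'validate password options'", "go"]
    return "\n".join(lines)


if __name__ == "__main__":
    proposed = {  # values used in the tutorial's 'set' commands
        "min digits in password": 1, "min alpha in password": 2,
        "min special char in password": 1, "min upper char in password": 1,
        "min lower char in password": 1, "minimum password length": 8,
    }
    print(render_statements(proposed))
    proposed["min special char in password"] = 9  # the tutorial's conflict case
    print(find_conflicts(proposed))
```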

Now, there is a setting for password expiration, which can be applied at the login level, the role level or system wide. You may decide on this setting according to your organization's policy; however, it is very important and must be considered.

Once a password expiration policy is in place, we should talk about maintaining password history, meaning that you shouldn't be able to reuse any password that you have used in the past for a certain period of time. You may go through the same in the file below:

I have covered this topic in one of my videos and have explained all the aspects with examples:
