Neoview User Management and Security Administration Guide (R2.5)

that the password has not expired. If the password has expired, a user can still change his
or her own password if a grace period is configured and in effect, as described in “Viewing
and Updating the Password Quality and Control Policies” (page 44).
The user can also change his or her own password at login in either NCI or HPDM if the
password has expired or is about to expire.
An authorization manager (that is, a person with the role ROLE.MGR) can change the
password for a database user, even if that password has expired, either in HPDM or by
using the NCI ALTER USER command, as described in “Changing a Database User
Password” (page 103).
If appropriately configured as described in “Enabling Password Expiration Notifications”
(page 53), the Neoview platform notifies a user when his or her password will soon expire.
By default, passwords for locally authenticated database users have the following characteristics:
• Minimum length of 8 bytes (configurable)
• Maximum length of 64 bytes, or 53 bytes if using 1024-bit keys. However, special considerations apply if the security policy requires power database users to present a role password in order to log on; for more information on this topic, see “Role Passwords” (page 26).
• Is not required to contain any minimum number of characters in each of the following categories: uppercase character, lowercase character, digit, non-alphanumeric character
• May not contain double quotes ("), semicolons (;), forward slashes (/), or commas (,)
• May contain the user name
• May contain consecutive instances of the same character
• May contain blanks, but leading and trailing blanks are ignored
• May contain non-printable ASCII characters
• May not contain non-ASCII characters
• Do not expire unless you modify the security policy to specify expiration
However, a Security Administrator can change password quality policies as well as various other
policies related to password control, as described in “Managing Security Policies” (page 39).
NOTE: Password policy settings for locally authenticated database users are the same as for
platform users. There is no way to modify the password policies for platform users without
affecting the policies for locally authenticated database users, or vice versa. The only exception
to this rule is that the configuration could require some users to log on with personal and role
passwords while others log on with only a personal password. For more information, see “Role
Passwords” (page 26).
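
The default quality rules listed above can be written as a small pre-check, which also makes visible how weak a password the defaults accept. This is an added example, not code from the Neoview product or this guide; the names are hypothetical, and it assumes that "blank" means the space character and that length is measured after leading and trailing blanks are dropped.

```python
# Added example: checks a candidate password against the DEFAULT policy
# described in this guide. All names here are hypothetical, not Neoview APIs.

FORBIDDEN = set('";/,')   # double quote, semicolon, forward slash, comma
DEFAULT_MIN_BYTES = 8     # default minimum; configurable on the platform


def check_default_policy(password, uses_1024_bit_keys=False,
                         min_bytes=DEFAULT_MIN_BYTES):
    """Return a list of violations; an empty list means the password passes."""
    problems = []

    # Leading and trailing blanks are ignored (assumption: blank == space).
    effective = password.strip(" ")

    # Non-ASCII is rejected; non-printable ASCII (e.g. TAB) is allowed.
    if not effective.isascii():
        problems.append("contains non-ASCII characters")

    # Limits are stated in bytes; for ASCII input bytes equal characters.
    size = len(effective.encode("utf-8"))
    max_bytes = 53 if uses_1024_bit_keys else 64
    if size < min_bytes:
        problems.append(f"shorter than {min_bytes} bytes after trimming blanks")
    if size > max_bytes:
        problems.append(f"longer than {max_bytes} bytes")

    bad = sorted(FORBIDDEN & set(effective))
    if bad:
        problems.append("contains forbidden character(s): " + " ".join(bad))

    # No checks for character classes, repeated characters, or the user name:
    # the default policy does not require them.
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    samples = ["aaaaaaaa", "  short  ", "pass;word1", "tab\tinside1", "a" * 60]
    for pw in samples:
        result = check_default_policy(pw, uses_1024_bit_keys=True)
        print(repr(pw), "->", result or "accepted")
```

Under the defaults a password such as eight repeated characters is accepted, which is the case the configurable quality policies exist to close.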
Passwords for Platform Users
Passwords for the predefined platform users are set during system installation. You can modify
several of these passwords as described in “Changing Passwords for Predefined Users and Roles”
(page 35). If you create additional platform-level user accounts, you can set and change their
passwords using HPDM or NCI, as described in “Managing Platform Users” (page 104).
Platform users can change their own passwords, using the NCI ALTER PASSWORD command
or when logging on in HPDM or NCI.
Passwords for platform-level users are encrypted in transit in the same way as database user
passwords and are stored on the Neoview platform in an encrypted form using HMAC with
SHA-256. This protection ensures that passwords on the Neoview platform cannot be
compromised even if the file is viewed.