Neoview User Management and Security Administration Guide (R2.5)
NOTE: A policy requiring two passwords has important implications for the maximum
length of passwords:
— For a locally authenticated database user or platform user needing to present a role
password, the maximum total length of the individual and role passwords together is
53 bytes, including the slash, in the case of 1024-bit encryption and 129 bytes, including
the slash, in the case of 2048-bit encryption.
— For a remotely authenticated database user needing to present a role password, the
maximum total length of the individual and role passwords together is 53 bytes,
including the slash, in the case of 1024-bit encryption and 181 bytes, including the slash,
in the case of 2048-bit encryption.
The policy pertaining to role passwords can be separately controlled for all platform users,
users with the role SUPER.SUPER, and users with the role ROLE.MGR, ROLE.SECMGR, or
ROLE.DBA.
• Whether a user who wishes to change the ROLE.MGR, ROLE.SECMGR, or ROLE.DBA
password needs to know the existing password
• Whether a user who wishes to change the SUPER.SUPER password needs to know the
existing password
Except as prescribed by these policies, a user with the role ROLE.MGR can change a role password
without having to know the existing password, with the following exceptions:
• Only a user with the role ROLE.SECMGR can change the password of the role
ROLE.SECMGR.
• Only a user with the role SUPER.SERVICES can change the password of the role
SUPER.SERVICES, HP.SDI, or HP.VTS.
A user in the role SUPER.SERVICES or HP.SDI must always provide both his or her own password
and the role password in order to log on.
Use of Braces in Passwords
One special consideration applies to applications that connect through ODBC and include a
password in the connection string. (Interactive users need not concern themselves with this
section.)
Certain ODBC applications—notably those which use the .NET ConnectionStringBuilder
class—add braces as delimiters around a password that contains special characters. For example,
a password the user enters as ab12_WV is delimited by the .NET framework to become
{ab12_WV}. To compensate for this behavior, the Neoview ODBC driver strips off the delimiting
braces. But what if a user wants to delimit a password with braces or to include a brace within a
password? To allow for such choices, an application that specifies a password in the connection
string must follow these rules:
• To permit a password to include braces as its first and last characters, you must add an extra
left brace at the beginning and an extra right brace at the end.
• To permit a right brace anywhere within the password, you must add an extra right brace
before it as an escape character.
• A left brace within a password, other than as the first character, requires no special handling.
The following examples illustrate these rules. Notice that in the first case, there are actually three
right braces: the first is an escape character, the second is the brace that will remain part of the
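The three brace rules listed above, applied on the application side, as an added Python example (not code from this guide or from the Neoview ODBC driver). The function names and sample passwords are constructed, and model_driver_unescape is an assumed model of the driver's brace stripping, used only to check that each escaped form round-trips.

```python
"""Application-side brace escaping for a password placed in an ODBC
connection string, following the three rules in the guide.
Added illustration; not HP or Neoview driver code."""


def escape_password(password: str) -> str:
    """Return the form of `password` to place in the connection string."""
    # Rule 2: a right brace anywhere in the password gets an extra
    # right brace before it as an escape character.
    # Rule 3: a left brace needs no special handling.
    escaped = password.replace("}", "}}")
    # Rule 1: a password whose first and last characters are braces gets
    # an extra left brace in front and an extra right brace at the end.
    if len(password) >= 2 and password[0] == "{" and password[-1] == "}":
        escaped = "{" + escaped + "}"
    return escaped


def model_driver_unescape(value: str) -> str:
    """ASSUMED model of the driver: strip one pair of delimiting braces,
    then collapse each escaped '}}' to '}'. For round-trip checks only."""
    if len(value) >= 2 and value[0] == "{" and value[-1] == "}":
        value = value[1:-1]
    return value.replace("}}", "}")


# Constructed sample passwords (not real credentials).
SAMPLES = ["ab12_WV", "{ab12_WV}", "ab}12", "ab{12", "{ab}c}", "{}"]


def round_trip_report(samples=SAMPLES):
    """Map each sample to (escaped form, True if the model recovers it)."""
    return {p: (escape_password(p),
                model_driver_unescape(escape_password(p)) == p)
            for p in samples}


if __name__ == "__main__":
    for pw, (esc, ok) in round_trip_report().items():
        print(f"{pw!r:14} -> {esc!r:18} round-trip={'ok' if ok else 'FAIL'}")
```

A password escaped incorrectly reaches the server as a different string, so the logon fails even though the user typed the right password; checking the round trip before deployment catches this.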