How to identify passwords in SS

Question

How to identify passwords in SS

trsrao

Newbie

Points: 6
More actions
November 29, 2004 at 1:36 am

#86953

My task is I shall give instruction to end user to change the password for every 15 days. Also the password will not be same in 2 successful logins. First time I will check this rule but after next 15 days, I am fail to check. So, how to identify if the user give same password. Please inform me?

Viewing 5 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply

AJ Ahrens SSC-Insane Points: 20676 More actions · Answer 1

You will need to build a table with current passwords and a historical table with same data. The password field will need to be encrypted. You will then have to interrogate the current table for date last modified for the password and force a new one. You could then do validation on the current/historical for password cant be same within x number of changes. You could also implement a flag that if the password entered is not correct in x attempts the user cannot log in.

Of course this is 100% application driven only. I don't know of a way to programmatically have a user change their password for their SQL login.

Good Hunting!

AJ Ahrens

webmaster@kritter.net

Frank Kalis SSC Guru Points: 111183 More actions · Answer 2

Hm, if you use Windows Authentication only, why not delegate this task to the OS password policy?

--
Frank Kalis
Microsoft SQL Server MVP
Webmaster: http://www.insidesql.org/blogs
My blog: http://www.insidesql.org/blogs/frankkalis/[/url]

Julian Kuiters SSCertifiable Points: 6585 More actions · Answer 3

mm password policies are not a built in thing of SQL 2000. Windows password policies are the way to go. Unless you want to keep (potentially insecure) copies of passwords hanging around. Better leaving it to a tested technology like Windows.... did I just say that?

Julian Kuiters
juliankuiters.id.au

Steve Jones - SSC Editor SSC Guru Points: 736270 More actions · Answer 4

You can check syslogins for the last change date. This is for any aspect of the login, not just passwords, but in reality, it usually is the password that is last changed. That can give you a trigger to use to contact people, deny login, whatever. As far as changing the pwd, you could get a cracker like SQLCrack from NGSsoftware and use that to review the passwords, but as mentioned above, there are no policies that handle this for you.

NT Auth is the best way to deal with this.