Password expiration

The following PROFILE parameters control the conditions for password expiration, new passwords, and minimum lifetime:

• PASSWORD_LIFE_TIME - The number of days a password remains valid

• PASSWORD_MIN_LIFE_TIME - The number of days a password must be set before it can be changed

• PASSWORD_GRACE_TIME - The number of days a password can be used after it expires

• PASSWORD_REUSE_MAX - The number of times you must change your password before you can reuse an earlier password

• PASSWORD_REUSE_TIME - The number of days that must pass after a password is set before you can reuse it

• PASSWORD_MIN_CHAR_CHANGE - Minimum number of characters that must be different from the previous password

For more details on these and other parameters, see CREATE PROFILE and ALTER PROFILE.

Password expiration and grace period behavior

The profile parameter PASSWORD_LIFE_TIME controls the life time of a password in days. By default, the DEFAULT profile sets PASSWORD_LIFE_TIME to UNLIMITED, which disables password expiration. You can change this for the DEFAULT and custom profiles with ALTER PROFILE.

Normally, when a password expires, Vertica forces users to change their passwords the next time they log in. However, you can set a PASSWORD_GRACE_TIME to allow users to log in after their password expires. If a user logs in during their grace period, Vertica warns the user that their password has expired. Once this grace period ends, Vertica will issue the standard prompt to change the user's password.

Expire a password

You can expire a user's password immediately using the ALTER USER statement's PASSWORD EXPIRE parameter. By expiring a password, you can:

• Force users to comply with a change to password policy.

• Set a new password when a user forgets the old password.