4. Authorizing User Access : Users and Profiles : Working with User Objects : User Password
 
Share this page                  
User Password
A password can be specified as part of the user definition.
Note:  If the Ingres DBMS Server is located on a remote node, this user password is in addition to the login password or installation password that the user must specify as part of the vnode definition.
When a session requires a password and one is not specified, a prompt requests a password anytime Ingres makes a connection between an Ingres tool and the DBMS. For security reasons, a password prompt is issued if either a required password is missing or the user name is unknown or illegal. This behavior is consistent with that of operating systems during logon.
If the connection specifies a password directly, as is the case with an application, no prompt is issued. This must be done if the application cannot prompt for a password. If the application can prompt for a password, it does. Then it passes the value entered using the DBMS_PASSWORD clause of the CONNECT statement.
User passwords are validated directly by the Ingres DBMS Server or by an external authentication mechanism, depending on how the user object is configured.
Note:  If a user with the Security privilege starts a session using the –u flag to impersonate another user, the real user’s password—not the impersonator’s—is required.
Any user is permitted to change their own password; to do so, however, they must supply their old password. Any user with the maintain_users privilege can change the password of another user, in addition to changing the method of password validation or removing the password altogether.
Note:  Passwords also apply to roles.