Wednesday, March 7, 2012

Password complexity in SQL

We have a SQL 2000 server and a client app that accesses it. We utilize SQL
authentication for the users who have already logged into the Windows domain
with a separate userid and password.
We are currently going through a certification and accreditation test and
one of the things we are getting dinged on is that we do not require complex
passwords with the SQL password. I see nowhere in SQL Server to set up
mandatory password complexities, i.e.: minimum 8 characters, at least 1
number, 1 capital letter, etc.
Is there somewhere in SQL 2000 that a password policy for the SQL password
can be set up?

Not for SQL Server 2000, not that I'm aware of, unless you build and enforce this
functionality yourself. In SQL Server 2005, SQL passwords will abide by the
Windows OS machine/domain password policy with Windows Server 2003 and
above. In either version, it's preferred to use only Windows logins, which
have had password complexity policies for some time. Do you really need to
support SQL logins?
Cheers,
Bob Beauchemin
http://www.SQLskills.com/blogs/bobb
"Rockitman" <Rockitman@.discussions.microsoft.com> wrote in message
news:8F93457A-538A-4FD5-8551-79A9404AB777@.microsoft.com...
> We have a SQL 2000 server and a client app that accesses it. We utilize
> SQL
> authentication for the users who have already logged into the Windows
> domain
> with a separate userid and password.
> We are currently going through a certification and accreditation test and
> one of the things we are getting dinged on is that we do not require
> complex
> passwords with the SQL password. I see nowhere in SQL Server to set up
> mandatory password complexities, i.e.: minimum 8 characters, at least 1
> number, 1 capital letter, etc.
> Is there somewhere in SQL 2000 that a password policy for the SQL password
> can be set up?

Well that's what I'm trying to tell these guys. We already meet the
password requirements as a user cannot even get access to the client app
without first logging into the domain with a required complex password. If I
change all the users to Windows authentication, when they access the client
app, will it just automatically open or will they have to reenter their
Domain id and password?
"Bob Beauchemin" wrote:

> Not for SQL Server 2000, not that I'm aware of, unless you build and enforce this
> functionality yourself. In SQL Server 2005, SQL passwords will abide by the
> Windows OS machine/domain password policy with Windows Server 2003 and
> above. In either version, it's preferred to use only Windows logins, which
> have had password complexity policies for some time. Do you really need to
> support SQL logins?
> Cheers,
> Bob Beauchemin
> http://www.SQLskills.com/blogs/bobb

If you use Windows authentication, their existing credentials are used; they
don't need to reenter. You'd need to change the connection strings in the
client apps to make this happen. There are some issues with delegation of
credentials (NTLM credentials are good for 1 inter-machine "hop", Kerberos
credentials can do multi-machine only if you have delegation enabled on a
server level) so you'd want to ensure that your application architecture can
accommodate this, especially if you have an intranet application. There's a
section in the SQL Server Books Online with details.
Cheers,
Bob Beauchemin
http://www.SQLskills.com/blogs/bobb
"Rockitman" <Rockitman@.discussions.microsoft.com> wrote in message
news:3A6FD24F-14C1-4C15-B559-CD1489849867@.microsoft.com...
> Well that's what I'm trying to tell these guys. We already meet the
> password requirements as a user cannot even get access to the client app
> without first logging into the domain with a required complex password.
> If I
> change all the users to Windows authentication, when they access the
> client
> app, will it just automatically open or will they have to reenter their
> Domain id and password?
> "Bob Beauchemin" wrote:
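
The connection-string change and the build-it-yourself complexity check that Bob describes above, as an added example that is not part of the original thread and not code from SQLskills or Microsoft: a small Python audit that takes client-app connection strings, reports whether each one uses Windows authentication (the `Integrated Security=SSPI` / `Trusted_Connection=yes` keywords) or a SQL login, and, for SQL logins, checks the embedded password against the rule named in the question (minimum 8 characters, at least one digit, at least one capital letter). The sample connection strings, server and login names are constructed for the example, and the function names are my own.

```python
import re

# Constructed sample connection strings (not from the original thread).
# The first two use SQL authentication with an embedded password; the
# third uses Windows (integrated) authentication as Bob recommends.
SAMPLE_CONNECTION_STRINGS = [
    "Provider=SQLOLEDB;Data Source=DBSRV01;Initial Catalog=AppDb;"
    "User ID=appuser;Password=secret",
    "Provider=SQLOLEDB;Data Source=DBSRV01;Initial Catalog=AppDb;"
    "User ID=appuser;Password=Str0ngPassw0rd",
    "Provider=SQLOLEDB;Data Source=DBSRV01;Initial Catalog=AppDb;"
    "Integrated Security=SSPI",
]

# Complexity rule from the question: 8+ characters, a digit, a capital letter.
MIN_LENGTH = 8


def parse_connection_string(conn_str):
    """Split 'Key=Value;Key=Value' into a dict with lower-cased keys."""
    parts = {}
    for segment in conn_str.split(";"):
        if "=" not in segment:
            continue
        key, value = segment.split("=", 1)
        parts[key.strip().lower()] = value.strip()
    return parts


def uses_windows_auth(parts):
    """True when the string asks the provider for integrated (Windows) auth.

    SQLOLEDB/SqlClient use 'Integrated Security=SSPI'; ODBC uses
    'Trusted_Connection=yes'.
    """
    value = parts.get("integrated security",
                      parts.get("trusted_connection", "")).lower()
    return value in ("sspi", "true", "yes")


def check_complexity(password):
    """Return the names of the complexity rules the password fails."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("min_length")
    if not re.search(r"\d", password):
        failures.append("digit")
    if not re.search(r"[A-Z]", password):
        failures.append("uppercase")
    return failures


def audit(conn_str):
    """Classify one connection string and check any embedded SQL password."""
    parts = parse_connection_string(conn_str)
    if uses_windows_auth(parts):
        # Windows login: complexity is enforced by the domain policy.
        return {"auth": "windows", "password_failures": []}
    # SQL login: 'Password' (or the ODBC-style 'Pwd') holds the secret.
    password = parts.get("password", parts.get("pwd", ""))
    return {"auth": "sql", "password_failures": check_complexity(password)}


def audit_all(conn_strings):
    """Audit a list of connection strings and return one result per string."""
    return [audit(cs) for cs in conn_strings]


if __name__ == "__main__":
    for cs, result in zip(SAMPLE_CONNECTION_STRINGS, audit_all(SAMPLE_CONNECTION_STRINGS)):
        print(result["auth"], result["password_failures"], "<-", cs)
```

Running it over the constructed samples flags the first string as a SQL login whose password fails all three rules, passes the second, and reports the third as a Windows login that needs no password check at all, which is the point of Bob's suggestion: once the client uses `Integrated Security=SSPI`, there is no SQL password in the application to police.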
