SAP Knowledge Base Article - Preview

3112160 - ASE authentication ignores expired login passwords when PAM is enabled - SAP ASE

Symptom

  • Testing PAM authentication with Active Directory for some user accounts.
  • ASE configuration parameter 'enable pam user auth' is set to 1.
  • We are able to log in using a login with an expired password and run all the commands without any restrictions.
  • sp_displaylogin shows that the password is expired:

    1> sp_displaylogin test
    2> go
    Suid: 6170
    Loginame: test
    Fullname: test id
    Default Database: tempdb
    Default Language:
    Auto Login Script:
    Configured Authorization:
    Locked: NO
    Date of Last Password Change: Oct 11 2021 12:00AM
    Password expiration interval: 1
    Password expired: YES
    Minimum password length: 8
    Maximum failed logins: 5
    Current failed login attempts: 0
    Authenticate with: AUTH_DEFAULT
    Login Password Encryption: SYB-PROP,SHA-256
    Last login date: Oct 13 2021 12:30PM
    Exempt inactive lock: 0
    (return status = 0)


Read more...

Environment

  • SAP Adaptive Server Enterprise (ASE) 16.0 SP03 PL10 (not limited to this version)
  • Pluggable Access Module (PAM)

Product

SAP Adaptive Server Enterprise 16.0

Keywords

CR825795, CR#825795, 825795, syslogins, CR697573, CR#697573, 697573 , KBA , BC-SYB-ASE , Sybase ASE Database Platform (non Business Suite) , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.