SAP Knowledge Base Article - Preview

3112160 - ASE authentication ignores expired login passwords when PAM is enabled - SAP ASE


  • Testing PAM authentication with Active Directory for some user accounts.
  • ASE configuration parameter 'enable pam user auth' is set to 1.
  • We are able to log in using a login with an expired password and run all the commands without any restrictions.
  • sp_displaylogin shows that the password is expired:

    1> sp_displaylogin test
    2> go
    Suid: 6170
    Loginame: test
    Fullname: test id
    Default Database: tempdb
    Default Language:
    Auto Login Script:
    Configured Authorization:
    Locked: NO
    Date of Last Password Change: Oct 11 2021 12:00AM
    Password expiration interval: 1
    Password expired: YES
    Minimum password length: 8
    Maximum failed logins: 5
    Current failed login attempts: 0
    Authenticate with: AUTH_DEFAULT
    Login Password Encryption: SYB-PROP,SHA-256
    Last login date: Oct 13 2021 12:30PM
    Exempt inactive lock: 0
    (return status = 0)



  • SAP Adaptive Server Enterprise (ASE) 16.0 SP03 PL10 (not limited to this version)
  • Pluggable Access Module (PAM)


SAP Adaptive Server Enterprise 16.0


CR825795, CR#825795, 825795, syslogins, CR697573, CR#697573, 697573 , KBA , BC-SYB-ASE , Sybase ASE Database Platform (non Business Suite) , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.