[FEATURE REQUEST]

Question

[FEATURE REQUEST]

rgare-jeffa opened this issue 8 months ago · comments

As a engineer, I'd like to be able to set my password when I receive an error logging in through my tedious connection/client with this error:

ConnectionError: Login failed for user 'testuser'. Reason: The password of the account must be changed.

Describe the preferred solution
Documentation on feature OR new feature below.

Prefer a configuration or option we can send in that will recognize and set a new password based on the required server configurations, when user has been granted a one time password.

Describe alternatives you've considered
Manually reset the password.

I haven't been able to find this option in any docs. Is this on a roadmap or possible to implement here?

mShan0 · Answer 1 · Sat Oct 28 2023 02:42:11 GMT+0800 (China Standard Time)

Hi @rgare-jeffa, not sure if this is possible, but will take a look into it

Arthur Schreiber · Answer 2 · Sun Nov 05 2023 19:54:54 GMT+0800 (China Standard Time)

I guess what you're asking for is the changePassword feature of the LOGIN7 packet? See https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-tds/773a62b6-ee89-4c02-9e5e-344882630aac

rgare-jeffa · Answer 3 · Tue Nov 07 2023 02:45:58 GMT+0800 (China Standard Time)

I believe that would work actually, but not as tuned to Windows docs. It appears that it has a flag fChangePassword.

I believe the fChangePassword option is flagged, requiring setting a new password.

Essentially, if the DBA sets a require password change on next login, we can't login and change the password through Tedious. I would like to be able to do this similarly when connecting without needing to manually login to the server to set it with my keyboard. Maybe passing in something or similar.

For instance, in a real world example, we may want to understand we changed ALL of our passwords. One way to do this is to have the DBA flag all accounts to require them to reset on next login. When I login, if that option is requested, looks in [variables, etc.], errors if still not found, similar to how it prompts in SQLServerTools for the new password, but allowing the operation to not require manual input.

This does look like the place.

OptionFlag3

OptionFlags3 | Represented in least significant bit order.fChangePassword: Specifies whether the login request SHOULD change password.

0 = No change request. ibChangePassword MUST be 0
1 = Request to change login's password.
-- | --