Setting for the # of Previous Passwords

Hi All -
Somewhere on the system, it is remembering previous user passwords but I can not determine where that setting is as I can't find it. Can anyone tell me where it is so I can determine how many passwords the system is keeping?
Thanks!

If someone has this answer I have been wanting to know too. The only answer I have is that somewhere it is hard-coded to a value of 10. That is, you can't reuse the previous 10 passwords.

I know that in 8.9 and above the processing options for P98OWSEC have options for password rules, I do not have access to a system right now to check if the password history value is also present , but you can take a look. If not then like Steven mentioned it is probably hardcoded

The previous passwords are stored in the BLOB column SCSRVBLOBA of the table F98OWSEC. It stores the last 10 passwords.

Its hardcoded. I believe that the value is 10 because the BLOB in the F98OWSEC has a variable array of 0 through 9, with 0 being the current password. Unless there is a "hidden" JDE.INI setting out there, I don't think its possible to increase or decrease this value. However, I think 10 is adequate for SOX Compliancy.

Unfortunately, it is not in the processing options for P98OWSEC. According to Oracle Doc ID 630496.1 (link), the system IS hard coded to hold the last 10 passwords. A change request was entered to change this back in 2002, but the current status is "04-Returned - Redesign not Planned."

If anyone is interested, all the previous passwords are stored in the BLOB field SCSRVBLOBA in table F98OWSEC.

In our testing of this, the system remembered 11 passwords - current + previous 10.
Don't know any way to change that.

Ken,

Is there a way to modify this blob field and change the values in the SCSRVBLOBA column?

Well, the only way I could think of would be to use some business function to read it, because it is encrypted using some algorithm delivered in the Tools Release.

You could try using SQL to empty the field, but I don't know what that would do. I'll have to experiment on a test server.

I tried setting the value to NULL. That doesn't work. Unable to use that user ID until I restored that field back.