Sets the secret passphrase (or password) required to authenticate the user identity asserted through attributes of an unsealed client-principal object (in the INITIAL state). This is the same value that you specify for the Password (-P) connection parameter when you connect to an OpenEdge database with the same user identity.
Note: This value has no relation to the domain access code used to seal (or validate the identity of a sealed) client-principal object.
The value that you set is the cleartext or encrypted value of the password required to authenticate the user account identity specified using the QUALIFIED-USER-ID attribute. For information on setting an encrypted password value, see the ENCRYPT-AUDIT-MAC-KEY( ) method entry in this manual and the documentation on encrypted passwords in OpenEdge Development: Programming Interfaces.
Assign the attribute when the client-principal is sealed and is in the LOGIN, LOGOUT, EXPIRED, or FAILED state (see the LOGIN-STATE attribute entry)
OpenEdge uses this value to authenticate a user identity only when you call the SECURITY-POLICY:SET-CLIENT( ) method or the SET-DB-CLIENT function on an unsealed client-principal object, which seals the object and sets the identity in a single, OpenEdge-performed user authentication operation.
Use an encrypted value for this attribute especially when you export the unsealed client-principal to a remote authentication service, or to any other ABL session prior to sealing the object. For more information on exporting a client-principal, see the EXPORT-PRINCIPAL( ) method entry in this manual.
If your application authenticates the identity, it must also seal the client-principal by calling the SEAL( ) method before using the object to set the identity. However, the SEAL( ) method does not require any setting of this attribute.
Note: OpenEdge does not store the setting of this attribute. Once the client-principal object is sealed, OpenEdge removes all trace of the attribute value from the client-principal.
There is currently no support for specifying a secondary passphrase value in OpenEdge.