PRIMARY-PASSPHRASE attribute
- Last Updated: January 21, 2026
- 2 minute read
- OpenEdge
- Version 12.8
- Documentation
Sets the secret passphrase (or password) required
to authenticate the user identity asserted through attributes of
an unsealed client-principal object (in the INITIAL state). This
is the same value that you specify for the Password (-P)
connection parameter when you connect to an OpenEdge database with
the same user identity.
Data type: CHARACTER
Access: Write-only
Applies to: Client-principal object handle
The default value is the Unknown value (?).
The value that you set is the cleartext or encoded value of the password required to authenticate the user account identity specified using the QUALIFIED-USER-ID attribute. For information on setting an encoded password value, see ENCRYPT-AUDIT-MAC-KEY( ) method and Password encoding.
Attempting to read this attribute returns an error message and sets the ERROR attribute to TRUE on the ERROR-STATUS system handle.
ABL also raises ERROR if you attempt to:
- Assign the Unknown value (
?) - Assign the attribute when the client-principal is sealed and is in the LOGIN, LOGOUT, EXPIRED, or FAILED state (see the LOGIN-STATE attribute entry)
- Use an unsupported Encoding prefix.
OpenEdge uses this value to authenticate a user identity only when you call the SECURITY-POLICY:SET-CLIENT( ) method or the SET-DB-CLIENT function on an unsealed client-principal object, which seals the object and sets the identity in a single, OpenEdge-performed user authentication operation.
Use an encoded value for this attribute especially when you export the unsealed client-principal to a remote authentication service or to any other ABL session prior to sealing the object. For more information on exporting a client-principal, see EXPORT-PRINCIPAL( ) method.
If your application authenticates the identity, it must also seal the client-principal by calling the SEAL( ) method before using the object to set the identity. However, the SEAL( ) method does not require any setting of this attribute.
OpenEdge does not store the setting of this attribute. Once the client-principal object is sealed, OpenEdge removes all trace of the attribute value from the client-principal.There is currently no support for specifying a secondary passphrase value in OpenEdge.