Administrator's Guide
• Time of last successful and unsuccessful password changes
• Absolute time (date) when the account will expire
• Maximum time allowed between logins before the account is locked
• Number of days before expiration when a warning will appear
• Whether passwords are user-generated or system-generated
• Password triviality check to prevent common words or well-known terms from being
used as passwords
• Type of system-generated passwords
• Null passwords
• User ID of last person to change password, if not the account owner
• Time periods when this account can be used for login
• Identification of terminal or remote hosts associated with the last successful and
unsuccessful logins to this account
• Number of unsuccessful login attempts; cleared upon successful login
• Maximum number of login attempts allowed before account is locked
A.3.2 Password Selection and Generation
On trusted systems, the following password generation options are available:
• User-generated passwords.
  A password screening option is available to check for the use of login and group
  names, login and group name permutations, and palindromes.
  A new password must differ from the old password by at least 3 characters.
• System-generated passwords using a combination of letters only.
• System-generated passwords using a combination of letters, numbers, and punctuation
characters.
• System-generated passwords using pronounceable meaningless syllables.
You can set password generation options for a system. Alternatively, you can set password
generation options on a per-user basis, overriding the system default.
You must set at least one password generation option for each user. If more than one
option is available to a user, a password generation menu is displayed when the user
changes the password.
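
The screening rules listed above (login and group names, their permutations, palindromes, and the 3-character difference from the old password), shown as an added Python sketch that is not the system's own code. How a "permutation" and the character difference are computed is an assumption made here (circular shifts and reversal compared case-insensitively; position-wise mismatches plus the length gap), and all function names and sample inputs are constructed.

```python
"""Password screening sketch (added example; not the trusted system's own code)."""
from __future__ import annotations

MIN_DIFF = 3  # from the page: new password must differ from the old by >= 3 characters


def is_palindrome(pw: str) -> bool:
    s = pw.lower()
    return len(s) > 1 and s == s[::-1]


def name_permutations(name: str) -> set[str]:
    """Assumed meaning of 'permutations': every circular shift of the name
    and of its reverse, compared case-insensitively."""
    n = name.lower()
    variants = set()
    for base in (n, n[::-1]):
        for i in range(len(base)):
            variants.add(base[i:] + base[:i])
    return variants


def char_difference(old: str, new: str) -> int:
    """Assumed metric: positions whose characters differ, plus the length gap."""
    mismatches = sum(a != b for a, b in zip(old, new))
    return mismatches + abs(len(old) - len(new))


def screen_password(new: str, old: str, login: str, groups: list[str]) -> list[str]:
    """Return the rejection reasons; an empty list means the password passes."""
    reasons = []
    candidate = new.lower()
    for kind, names in (("login", [login]), ("group", groups)):
        for name in names:
            if name and candidate in name_permutations(name):
                reasons.append(f"matches {kind} name or permutation: {name}")
    if is_palindrome(new):
        reasons.append("palindrome")
    if char_difference(old, new) < MIN_DIFF:
        reasons.append(f"differs from old password by fewer than {MIN_DIFF} characters")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real account database.
    for pw in ("JonesJ", "ffats", "Level", "Tr1ck-Pony8", "c0rrect-h0rse"):
        result = screen_password(pw, "Tr1ck-Pony7", "jjones", ["users", "staff"])
        print(pw, "->", result or "ok")
```
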
A.3.3 Password Aging
You can enable or disable password aging for each user. When password aging is
enabled, the system maintains the following for the password:
• Minimum time: The minimum time required between password changes. This
  prevents a user from changing the password and then changing it back
  immediately to avoid memorizing a new one.
• Expiration time: A time after which a user must change that password at login.
• Warning time: The time before expiration when a warning will be issued.
A.3 Managing Trusted Passwords and System Access 195