OSF DCE Administration Guide--Core Components
Maintaining Policies and Properties
You define the password lifespan as the dcecp pwdlife attribute in the following form:
pwdlife {time | unlimited}
where time is a number that indicates the number of days the password is valid, and
unlimited specifies an unlimited lifespan.
You can also set the exact date passwords expire by using the password expiration date
policy (pwdexpdate attribute).
35.1.1.3 Password Expiration Date
The password expiration date sets the exact date on which account passwords for a
specific organization or for the registry as a whole expire.
Generally, DCE security disables login for users whose passwords have expired. It is
possible, however, to override this policy for a user such as cell_admin in order to
prevent the cell administrator from being locked out of the system by an expired
password. You do this by attaching an instance of the passwd_override ERA to the
principal. See Chapter 30 for information on how to do this.
You define the password expiration date as the dcecp pwdexpdate attribute in the
following form:
pwdexpdate {date | none}
where date is the date the password expires in yyyy-mm-dd format, and none specifies
that the password has no expiration date.
You can also set a period of time after which a password expires with the password
lifespan policy (pwdlife attribute).
35.1.1.4 Password Format
The password format policies apply to a specific organization or the registry as a whole.
They determine the following:
• The minimum length of passwords, defined by the dcecp registry modify
pwdminlen attribute in the form
pwdminlin integer
Passwords cannot consist of fewer characters than the number you enter for integer.
If you specify 0 (zero), no minimum length is in effect.
124243 Tandem Computers Incorporated 35−3