Manualshelf

Safeguard Administrator's Manual (G06.29+, H06.08+, J06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series
41424344454647484950
Controlling User Access
Safeguard Administrator’s Manual—523317-029
2-20
Requiring Users to Change Their Passwords
manager of the SOFTWARE group can change that user's USER-EXPIRES date with
this command:
=ALTER USER software.george, USER-EXPIRES Jan 19 2006
The ALTER user command can also be used to remove an expiration date. For
example, if SOFTWARE.GEORGE is hired as a permanent employee, the manager of
the SOFTWARE group removes his USER-EXPIRES date with this command:
=ALTER USER software.george, USER-EXPIRES
Specifying a USER-EXPIRES attribute without a date has the effect of removing any
existing USER-EXPIRES date.
Requiring Users to Change Their Passwords
The Safeguard password control mechanism protects a system against unauthorized
access. Passwords are more effective when users change them periodically. You can
use the PASSWORD-MUST-CHANGE attribute to require a user to change the
password within a specified period.
As with most other attributes of a user authentication record, the value of PASSWORD-
MUST-CHANGE can be set when a user is added to the system with ADD USER, and
the owner of the user authentication record can later change the value with ALTER
USER.
For example, SECURITY.SUSAN establishes a PASSWORD-MUST-CHANGE period
for ADMIN.BOB with the ALTER USER command:
=ALTER USER admin.bob, PASSWORD-MUST-CHANGE EVERY 30 DAYS
Then she checks the user record with the GENERAL option of the INFO USER
command:
=INFO USER admin.bob, GENERAL
The INFO USER report now shows that ADMIN.BOB must change his password at
least once every 30 days or his password expires. The LAST-MODIFIED field shows
GROUP.USER USER-ID OWNER LAST-MODIFIED LAST-LOGON STATUS WARNING-MODE
ADMIN.BOB 1,0 200,1 28JUN05, 14:09 28JUN05, 7:48 THAWED OFF
UID = 256
USER-EXPIRES = * NONE *
PASSWORD-EXPIRES = 28JUL05, 0:00
PASSWORD-MAY-CHANGE = * NONE *
PASSWORD-MUST-CHANGE EVERY = 30 DAYS
PASSWORD-EXPIRY-GRACE = * NONE *
LAST-LOGON = 28JUN05, 7:48
LAST-UNSUCESSFUL-ATTEMPT = * NONE *
LAST-MODIFIED = 28JUN05, 14:09
CREATION-TIME = 15JUN05, 02:03
FROZEN/THAWED = THAWED
STATIC FAILED LOGON COUNT = 0
STATIC-FAILED-LOGON-RESET = * NONE *
GUARDIAN DEFAULT SECURITY = OOOO
GUARDIAN DEFAULT VOLUME = $SYSTEM.NOSUBVOL