Manualshelf

Safeguard Administrator's Manual (G06.29+, H06.08+, J06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series
41424344454647484950
Controlling User Access
Safeguard Administrator’s Manual523317-029
2-23
Granting a Grace Period for Changing an Expired
Password
Granting a Grace Period for Changing an Expired Password
You can use the PASSWORD-EXPIRY-GRACE attribute to specify a grace period
during which a user can change his or her expired password. The
PASSWORD-EXPIRY-GRACE attribute can be specified either in the user
authentication record for an individual user or in the Safeguard configuration record for
all users. If the grace period is specified in both records, the value in the user
authentication record takes precedence.
For example, assume that SECURITY.SUSAN wants to grant ADMIN.BOB a grace
period of 10 days during which he can change his password if he allows it to expire.
She enters this ALTER USER command:
ALTER USER admin.bob, PASSWORD-EXPIRY-GRACE 10 DAYS
She then displays the user record to verify the results of the command:
INFO USER admin.bob, GENERAL
The general INFO USER report shows that ADMIN.BOB now has a grace period of
10 days in which to change an expired password. If ADMIN.BOB allows his password
to expire, he can change it during the grace period. To change his expired password,
ADMIN.BOB must log on during the grace period. He cannot use the PASSWORD
program during this period because he cannot log on until the expired password is
changed. For more information on logon dialog, see the Safeguard Users Guide.
Forcing Immediate Expiration of a User Password
You can use the PASSWORD-EXPIRES attribute to cause the immediate expiration of
a user password. This feature can be particularly useful when you want a new user to
change his or her password during their first logon attempt. To accomplish this, add the
user with an expired password and grant a grace period during which the user can
change the password.
GROUP.USER USER-ID OWNER LAST-MODIFIED LAST-LOGON STATUS WARNING-MODE
ADMIN.BOB 1,0 200,1 29JUL05, 8:56 27JUL05, 8:02 THAWED OFF
UID = 256
USER-EXPIRES = * NONE *
PASSWORD-EXPIRES = 28AUG05, 0:00
PASSWORD-MAY-CHANGE = * NONE *
PASSWORD-MUST-CHANGE EVERY = 30 DAYS
PASSWORD-EXPIRY-GRACE = 10 DAYS
LAST-LOGON = 27JUL05, 8:02
LAST-UNSUCESSFUL-ATTEMPT = * NONE *
LAST-MODIFIED = 29JUL05, 8:56
CREATION-TIME = 15JUN05, 02:03
FROZEN/THAWED = THAWED
STATIC FAILED LOGON COUNT = 0
STATIC-FAILED-LOGON-RESET = * NONE *
GUARDIAN DEFAULT SECURITY = OOOO
GUARDIAN DEFAULT VOLUME = $SYSTEM.NOSUBVOL