Manualshelf

Safeguard Administrator's Manual (G06.29+, H06.08+, J06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series
41424344454647484950
Controlling User Access
Safeguard Administrator’s Manual—523317-029
2-24
Freezing a User's Ability to Access the System
For example, assume that the current time is 10:14 on July 29, 2005. To add the new
user ADMIN.ALICE with an expired password and a password expiry grace period of
five days, ADMIN.MANAGER enters this command:
=ADD USER admin.alice, 1,6, LIKE admin.bob, PASSWORD abc,&
=PASSWORD-EXPIRES 29 jul 2005, 10:00,&
=PASSWORD-EXPIRY-GRACE 5 DAYS
The PASSWORD-EXPIRES attribute specifies a time that has already passed.
Therefore the user password is expired.
ADMIN.MANAGER then displays the user record to verify the results of the command:
INFO USER admin.alice, GENERAL
The display shows that Alice has five days in which to log on and change her
password.
The PASSWORD-EXPIRES attribute can also be set to a future date. However, this
date is altered if you subsequently set the user PASSWORD-MUST-CHANGE attribute
or if the user changes the password before expiration.
Freezing a User's Ability to Access the System
Security administrators occasionally need to suspend a user's ability to log on to the
system. For example, when a user goes on vacation, a security administrator might
want to ensure that nobody else uses that user's identity to gain access to the system
while the user is away. A security administrator can use the FREEZE USER command
to freeze a user ID and its associated user name. While a user ID is frozen, nobody
can use the user ID or its associated user name to gain access to the system.
However, freezing a user authentication record has no effect on user aliases
associated with the user ID. The user can still log on using an alias.
GROUP.USER USER-ID OWNER LAST-MODIFIED LAST-LOGON STATUS WARNING-MODE
ADMIN.ALICE 1,6 200,1 29JUL05, 10:14 * NONE * PSWD-EXP OFF
UID = 262
USER-EXPIRES = * NONE *
PASSWORD-EXPIRES = 29JUL05, 10:00
PASSWORD-MAY-CHANGE = * NONE *
PASSWORD-MUST-CHANGE EVERY = 30 DAYS
PASSWORD-EXPIRY-GRACE = 5 DAYS
LAST-LOGON = * NONE *
LAST-UNSUCESSFUL-ATTEMPT = * NONE *
LAST-MODIFIED = 29JUL05, 10:14
CREATION-TIME = 15JUN05, 02:03
FROZEN/THAWED = THAWED
STATIC FAILED LOGON COUNT = 0
STATIC-FAILED-LOGON-RESET = * NONE *
GUARDIAN DEFAULT SECURITY = OOOO
GUARDIAN DEFAULT VOLUME = $SYSTEM.NOSUBVOL