HP 3000 Manuals HP 3000 Manuals
If Your Password Expires
Passwords that never change present a security risk to the system.
System and Account Managers can cause individual user passwords to
expire using standard system facilities. These facilities are the
USERPASS=EXPIRED options of the :NEWUSER and :ALTUSER commands.
In addition, the system can be set so that all required passwords in the
system can be made to expire simultaneously at specified intervals. When
such intervals occur, users must enter new passwords or find themselves
locked out of the system.
Discussion
On the expiration date, only user passwords that were not changed during
the warning period expire. Users with expired passwords must select a
new password the next time they log on. For example, suppose Susan has
allowed her password to expire. When she logs on, she sees the
following:
:HELLO SUSAN.MYACCT,LAPIN
ENTER ACCOUNT PASSWORD: (Susan enters password)
ENTER USER PASSWORD: (Susan enters password)
ENTER GROUP PASSWORD: (Susan enters password)
USER PASSWORD HAS EXPIRED
ENTER NEW PASSWORD: (Susan enters new password)
ENTER NEW PASSWORD AGAIN: (Susan enters new password again)
PASSWORD WAS CHANGED SUCCESSFULLY
If the user makes a mistake when entering the new password the second
time, the system prints the message NEW PASSWORD NOT VERIFIED, and asks
the user to enter the new password again. If the user is not successful
after three tries, the logon process terminates, and the user must go
though the procedure again. A user will not be allowed to log on until a
new password is successfully entered.
Effects of Expired User Passwords
Expiration of a password has the following effects on users:
* The global expired user password function causes the expiration
only of required user passwords, regardless of whether required at
the user or account level.
* Required user passwords are marked for expiration at the beginning
of the warning period. Thus, if a new user establishes a required
password after the start of the warning period, that password is
not affected by the forced expiration. Of course, it will be
affected by the next forced expiration.
* If a user's password has expired, and the user is forced to enter
a new password, it cannot be the same as the one that just
expired.
* When a required password expires, the new password must meet the
same requirements as the previous password. It must satisfy the
password minimum length function, and the user password required
function. (A blank password is not allowed, the password must be
of a minimum length, and the password must be different from the
previous one.)
* Users can replace expired passwords only during interactive logon
attempts. Other types of logon attempts will fail. Users should
check that UDCs programs and job streams that include logon
commands can recover from such failures.