Passwords that never change present a security risk to the system. System and
Account Managers can cause individual user passwords to expire using standard
system facilities. These facilities are the USERPASS=EXPIRED options
of the :NEWUSER and :ALTUSER commands. In addition, the system can be set so
that all required passwords in the system expire simultaneously at specified
intervals. When such intervals occur, users must enter new passwords or find
themselves locked out of the system.

Discussion

On the expiration date, only user passwords that were not changed during the
warning period expire. Users with expired passwords must select a new
password the next time they log on. For example, suppose Susan has
allowed her password to expire. When she logs on, she sees the
following:
:HELLO SUSAN.MYACCT,LAPIN
ENTER ACCOUNT PASSWORD: (Susan enters password)
ENTER USER PASSWORD: (Susan enters password)
ENTER GROUP PASSWORD: (Susan enters password)
USER PASSWORD HAS EXPIRED
ENTER NEW PASSWORD: (Susan enters new password)
ENTER NEW PASSWORD AGAIN: (Susan enters new password again)
PASSWORD WAS CHANGED SUCCESSFULLY
If the user makes a mistake when entering the new password the second
time, the system prints the message NEW PASSWORD NOT VERIFIED and asks the
user to enter the new password again. If the user is not
successful after three tries, the logon process terminates, and the user
must go through the procedure again. A user will not be allowed to log on
until a new password is successfully entered.

Effects of Expired User Passwords

Expiration of a password has the following effects on users:

The global expired user password function causes the expiration only of
required user passwords, regardless of whether they are required at the user
or account level.

Required user passwords are marked for expiration at the beginning of
the warning period. Thus, if a new user establishes a required password
after the start of the warning period, that password is not affected by
the forced expiration. Of course, it will be affected by the next forced
expiration.

If a user's password has expired, and the user is forced to enter a new
password, it cannot be the same as the one that just expired.

When a required password expires, the new password must meet the same
requirements as the previous password. It must satisfy the password minimum
length function and the user password required function. (A blank password
is not allowed, the password must be of a minimum length, and the password
must be different from the previous one.)

Users can replace expired passwords only during interactive logon
attempts. Other types of logon attempts will fail. Users should check that
UDCs, programs, and job streams that include logon commands can recover
from such failures.
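
The rules above can be turned into a pre-expiration audit that shows which logons will be prompted and which non-interactive logons will fail. The following Python sketch is an added example, not part of the original manual: the record layout, field names, dates and the plain string comparison of old and new passwords are constructed assumptions, not an MPE format or API.

```python
from dataclasses import dataclass
from datetime import date

@dataclass
class UserRecord:              # constructed record, not an MPE listing format
    logon: str
    password_required: bool    # required at the user or the account level
    password_set: date         # when the current user password was established
    used_by_jobs: bool         # logon appears in a UDC, program or job stream

def will_expire(user, warning_start):
    """True if the password was marked at warning_start and is still unchanged."""
    # Assumption: a password set on the first day of the warning period
    # counts as set after the marking.
    return user.password_required and user.password_set < warning_start

def audit(users, warning_start):
    """Return (interactive_only, noninteractive_failures) as lists of logons."""
    expiring = [u for u in users if will_expire(u, warning_start)]
    interactive_only = [u.logon for u in expiring if not u.used_by_jobs]
    failing = [u.logon for u in expiring if u.used_by_jobs]
    return interactive_only, failing

def new_password_error(new, expired, min_length):
    """Return why a replacement is rejected, or None if it is acceptable."""
    if not new:
        return "blank"
    if len(new) < min_length:
        return "too short"
    if new == expired:
        return "same as expired password"
    return None

WARNING_START = date(2024, 3, 1)   # constructed date
USERS = [                          # constructed sample data
    UserRecord("SUSAN.MYACCT", True, date(2023, 11, 2), False),
    UserRecord("BATCH.MYACCT", True, date(2023, 6, 15), True),
    UserRecord("NEWHIRE.MYACCT", True, date(2024, 3, 10), False),  # set after marking
    UserRecord("GUEST.MYACCT", False, date(2022, 1, 1), True),     # not required
]

if __name__ == "__main__":
    interactive_only, failing = audit(USERS, WARNING_START)
    print("prompted at next interactive logon:", interactive_only)
    print("non-interactive logons that will fail:", failing)
```

Logons in the second list need their passwords changed interactively during the warning period, with the embedded logon commands updated to match.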