User Access Utilities › User Profiles › Password Validation › Password Expiry Checking
Password Expiry Checking
Toolkit will provide password expiry checking to ensure that the passwords for specified profiles have been changed within a given period. Password expiry checking is controlled by four extension attributes on the user profile. The options allow you to specify:
- A password expiry date: this specifies an absolute value for the expiry date; for example, that the password will expire on 01/04/05.
- A password expiry period in days: this specifies a value for password expiry relative to the profile’s password last change date - for example, that users must change their passwords at least every 30 days
- A password expiry option: this specifies what is to happen if the password has expired. User may either be prevented from signing on, or be allowed to change their passwords, provided that they are within a grace period: see the following section.
- A password expiry grace period: this specifies the number of days after the notional password expiry date, during which users may still sign on. During this period they will be automatically prompted to change their passwords every time they sign on.
The password control values are used to calculate two dates - a base expiry date and a grace expiry date. The next section, on the Initial Password Expiry Program, indicates how the dates are calculated. The following two diagrams show how these two dates are used to determine whether the user may sign on or not.
Copyright © 2014 CA.
All rights reserved.
|
|