Previous Topic: Password Expiration and Grace LoginsNext Topic: Set Individual User or Group Password Intervals


Specify the Password Interval

At the systemwide level, you use the setoptions command to specify the interval before the system prompts all users for a new password. If the segrace utility is part of the user's login script or if you configure PAM to call segrace (if your native operating system supports PAM), CA ControlMinder informs the users that the current password has expired when the specified number of days is reached. The users can then immediately renew the password, or continue using the old password until the number of grace logins is reached. After reaching the number of grace logins, the users are denied access to the system and must contact the system administrator to select a new password.

To set or cancel the password interval at the systemwide level, use the following command:

setoptions password({interval(NumDays)|interval‑})

The value of NumDays must be zero or a positive integer. An interval of zero disables password interval checking for users. Set the interval to zero if you do not want passwords to expire. An interval of zero should only be used for users with low security requirements.

The interval‑ parameter cancels the password interval setting. If the user has a profile group with a value for this parameter, that value is used. Otherwise, the default set by the setoptions command is used. Only use this parameter with the chusr or editusr command.

More information:

Grace Logins