Previous Topic: Set Individual User or Group Password IntervalsNext Topic: Track Grace Logins


Grace Logins

With password checking enabled, CA ControlMinder checks whether the user's password has expired each time a user attempts to log in. After the password expires, the user can be “graced” with the opportunity to log in a few more times, after which the user can no longer log in.

The grace login option sets the maximum number of logins that are permitted after password expiration before the user is suspended. The number of grace logins must be between 0 and 255. After the number of grace logins is reached, the user is denied access to the system and must contact the system administrator to select a new password. If grace is set to zero, the user cannot log in. The default number of grace logins is five.

You can use this method to force a user to change their password. Reset the user's password and give them one grace login whence they can change their password.