To allow the end user to keep track of grace logins after the expiration, insert a call to the segrace utility in the user's .login, .profile, or .cshrc file. The segrace utility then displays a message to the user stating the number of remaining grace logins. You can also check whether a user's password has expired graphically with the segracex utility.
Note: For more information about the segrace and segracex utilities, see the Reference Guide.
To set the systemwide default value for the number of grace logins, enter the following command:
setoptions password(rules(grace(nLogins)))
To set or cancel grace logins for a specific user, enter the following command:
chusr userName {grace(nLogins) | grace‑}
To set or cancel grace logins for a profile group, enter the following command:
chgrp groupName {grace(nLogins) | grace‑}
The value set by the chusr or chgrp command overrides the system value for the users specified in that command.
Note: The grace property for a GROUP class and also the global grace login setting set the number of grace logins for a user after the user's password expires. However, the grace property in the USER class sets the password to expire immediately; the grace logins are automatically set up (using the GROUP record or the system default) after the user's password expires. You cannot set password expirations for a group, only for users.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|