Previous Topic: How to Set Account Suspension Rules

Next Topic: Suspend Accounts After Failed Login Attempts

Suspend Unused Accounts

You can suspend accounts that have not been used recently. You can use the set password-last-use command to set the amount of time before an unused account is suspended.

If you use this command, each user must log in successfully at least as frequently as you set. If this does not occur, the account is suspended.

To set the number of days a password remains valid if it is not used, use the following command:

set password-last-use = number-days | 0;

Example: Suspend Unused Accounts After 60 Days

In this example, you want to users to log in at least once every 60 days, and to change their password at least every 90 days.

To set this up, use these commands:

set password-policy = true;
set password-age = 90;
set password-last-use = 60;

Example: Suspend Unused Accounts, Do Not Force Password Changes

In this example, you want to allow people to keep using the same password, as long as they log in at least every 10 days.

To make passwords valid indefinitely except when they are not used for 10 days, use these commands:

set password-policy = true;
set password-last-use = 10;

You do not need to use the set password-age option because you are using its default value of 0 (off).

More information:

set password-last-use Command


Copyright © 2009 CA. All rights reserved. Email CA about this topic