You can suspend accounts that have not been used recently. You can use the set password-last-use command to set the amount of time before an unused account is suspended.
If you use this command, each user must log in successfully at least as frequently as you set. If this does not occur, the account is suspended.
To set the number of days a password remains valid if it is not used, use the following command:
set password-last-use = number-days | 0;
Example: Suspend Unused Accounts After 60 Days
In this example, you want to users to log in at least once every 60 days, and to change their password at least every 90 days.
To set this up, use these commands:
set password-policy = true; set password-age = 90; set password-last-use = 60;
Example: Suspend Unused Accounts, Do Not Force Password Changes
In this example, you want to allow people to keep using the same password, as long as they log in at least every 10 days.
To make passwords valid indefinitely except when they are not used for 10 days, use these commands:
set password-policy = true; set password-last-use = 10;
You do not need to use the set password-age option because you are using its default value of 0 (off).
Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |