Password and Passphrase Security › Password Controls › Password Expiration Intervals

Password Expiration Intervals

A password expiration interval is the number of days before CA Top Secret forces a user to change his password. This interval can range from 0 to 255 days. If 0 is specified, then the user never has to change his password.

When a user’s password is about to expire, CA Top Secret will issue a PASSWORD EXPIRATION WARNING message on the job log or terminal. Once the user’s password expires, the user must provide a new password before he can sign on to CA Top Secret again. A user may change his password before, on, or after the day it expires.

Administrators can use the password expiration interval to:

• Set the password expiration interval on a user-to-user basis, from 0 - 255 days
• Specify EXP so that a user’s password will expire immediately upon logon
• Specify the minimum number of days that a user must wait after changing his password, before he may change it again (MINDAYS=nn).

These specifications help to minimize the chances of password exposure or disclosure.