Previous Topic: Managing Inactive CA VM:Director Directory EntriesNext Topic: Querying Inactive User IDs

Administration GuideManaging Directory EntriesManaging Inactive CA VM:Director Directory EntriesExpiring a Password Automatically

Expiring a Password Automatically

(CA VM:Secure only) You can automatically expire passwords with an IPLDISK procedure or with the Rules Facility. For more information about using the Rules Facility to automatically expire passwords, see the Rules Facility Guide.

(CA VM:Director only) You can automatically expire passwords with an IPLDISK procedure.

To use an IPLDISK procedure to expire passwords automatically, verify that all user ID directory entries contain a password history special comment (*PW=).

Follow these steps:

  1. Create an IPLDISK minidisk by adding a minidisk to the CA VM:Director directory entry. Give the minidisk a label of IPLDSK. The default virtual address is 1B3. Only one cylinder is needed.
  2. Write an IPLable program to the IPLDISK by using the VMXIPL utility.
  3. Add an IPLDISK record to the PRODUCT CONFIG file.
  4. Decide the number of days a user ID must be inactive before its password expires.
  5. Create a CMS EXEC that lists the user IDs that have been inactive for at least that many days. These are the user IDs whose passwords you want to expire.

    To do so, enter the following command, replacing 30 with the number of days of inactivity after which an inactive user ID’s password expires:

    vmdirect query password 30 (exec
  6. Expire the passwords of the user IDs listed in the CMS EXEC by entering the following command: 
    cms vmdirect expire

After you have expired the passwords of user IDs that seem to be inactive, check their status to see how long they remain with expired passwords.