Reference Guide › Command Reference › EXPIRE Command

EXPIRE Command

Use the EXPIRE command to expire logon passwords.

EXPIRE userid

Definition

userid

The user ID whose logon password is to be expired.

Description

The EXPIRE command expires a logon password for a specified user ID. The next time a user ID with an expired logon password logs on and CA VM:Director is active, CA VM:Director prompts the user ID to change the password. User IDs that are autologged are not affected until the machine is logged on in a connected state.

(CA VM:Secure only) If the Rules Facility is installed, the EXPIRE command updates the user ID’s directory entry by changing the flag special comment (*FL=) to indicate that the logon password is expired. An automatic expiration feature is also available when the Rules Facility is implemented. This method does not mark the directory entry as expired.

If you are using CA VM:Director or running CA VM:Secure without the Rules Facility, the IPLDISK record is required in the PRODUCT CONFIG file in order to use the EXPIRE command. The EXPIRE command updates the user’s directory entry by adding an expire special comment (*EX=) and a directory link to the IPLDISK minidisk, and modifying the user’s IPL statement. The added special comment provides the date the EXPIRE command was issued and the user ID that issued the command.

If you have user IDs that you do not want to expire on a regular basis, remove the password history special comment (*PW=) from their directory entries. (User IDs whose directory entries do not contain the *PW= special comment are not listed in the CMS EXEC file created by a QUERY PASSWORD command.) If you need to run the VMXGNR utility, specify the NOPW option so *PW= special comments are not inserted in all directory entries.

Example

To expire a group of user IDs at one time, use the QUERY command to create a CMS EXEC that lists all user IDs whose logon passwords have not changed in the last 30 days and whose logon passwords have not expired:

vmdirect query password 30 (exec

To expire those user IDs, enter:

cms vmdirect expire

The system responds, listing the name of each user ID and then listing when that user ID is actually expired.

Note:

• For information about changing logon passwords to NOLOG, so that the user ID is inactive and inaccessible, see NOLOG Command.
• For information about querying old passwords or other monitored functions, see QUERY Command.
• For information about running VMXGNR, see VMXGNR Utility.
• (CA VM:Secure only) For more information about the automatic expiration of logon passwords, see Automating Password Expiration in the Rules Facility Guide.