Previous Topic: CP Privilege ClassesNext Topic: Checking Password Expirations for User IDs You Manage

Directory Manager GuideManaging Directory EntriesViewing Information About Directory Entries That You ManageDisplaying Features or Activity of User IDs You ManageUser IDs That Have Old Passwords

User IDs That Have Old Passwords

If your CA VM:Director system administrator has defined user IDs’ directory entries this way, you can check on these user IDs’ old passwords. You can display the names of user IDs you manage whose passwords have not been changed in a certain number of days, where you select that number of days. This information is displayed for active user IDs with valid passwords, and does not include user IDs with expired passwords and new user IDs who have not changed their passwords since they were created.

For example, to list the user IDs who have not changed passwords in 60 days, enter the following:

vmdirect query password 60

The response is a list of user IDs that fit this criterion and the date they last updated their passwords. For example:

Entry            Updated     
FRASIERC         yy/mm/dd    
REBECCAH         yy/mm/dd    
NICKT            yy/mm/dd

If a user ID that you know has an old password does not appear in this list, ask your CA VM:Director system administrator to add a password history special comment (*PW=) to that user ID’s directory entry.

User IDs with passwords that are too old can be automatically expired if your CA VM:Director system administrator has made provisions for managing inactive user IDs this way. If you see a user ID on this list of user IDs with old passwords, and you do not want that user ID automatically expired, ask your CA VM:Director system administrator to remove the password history special comment from that user ID’s directory entry. You can still expire this user ID’s password with the EXPIRE command, even if its directory entry does not include this special comment.

You can save the list of user IDs that you manage that have old passwords in a CMS EXEC file on your A–disk. If you choose to expire old logon passwords on a regular basis, this EXEC file will be useful for expiring all old passwords at the same time. For example, to save the list of user IDs with passwords older than 45 days, enter the following:

vmdirect query password 45 (exec

The content of the EXEC file looks like the following:

&1 &2   FRASIERC     yy/mm/dd     300K     42.0K    1300K
&1 &2   REBECCAH     yy/mm/dd    2500K     25.0K     200K

The name of this EXEC is always CMS EXEC.

Note: For more information about expiring old passwords on a regular basis by using an EXEC, see Expiring Several Passwords at the Same Time.