The IPLDISK provides support for password expiration without the Rules Facility. When you are comfortable with the Rules Facility, and you no longer need to fall back to using the IPLDISK method of expiring passwords, you can remove it. You can perform this step at any time after installing the Rules Facility. You do not need to bring CA VM:Secure down. The instructions in this section assume your IPLDISK is the 1B3 minidisk.
When you use the Rules Facility, the EXPIRE command does not add a directory link to the IPLDISK or modify the IPL statement to force a user ID to change its logon password. Instead, a password flag (*FL=) special comment statement in each user ID’s directory entry indicates the status of a user’s logon password.
The IPLDISKX command makes all the necessary changes to your directory entries to allow expiration of logon passwords with the EXPIRE command and the Rules Facility. The IPLDISKX command scans a user’s directory entry and removes the link to the IPLDISK minidisk, modifies the IPL statement, removes the EXPIRE statement, and replaces the expire special comment statement (*EX=) with a *FL= special comment. To convert a group of user IDs at one time, create a CMS EXEC using the QUERY command. The IPLDISKX command is valid only with the IPLDISK record in the PRODUCT CONFIG file.
Do not remove the IPLDISK record from the PRODUCT CONFIG file until all user IDs have been converted to the method of expiration implemented with the Rules Facility.
For example, to use an EXEC to convert a group of user IDs from IPLDISK expiration to automatically expire, you can use the following procedure.
To convert User IDs expiration from IPLDISK to Rules Facility Method
vmsecure query users (exec manager *
cms vmsecure ipldiskx
vmsecure cms det 1b3 vmsecure delmdisk vmsecure 1b3
vmsecure config product
|
Copyright © 2014 CA.
All rights reserved.
|
|