Rules Facility Guide › Security with the Rules Facility › CA VM:Secure Journal Facility and CP Journaling › Automating Password Expiration

Automating Password Expiration

Automatic password expiration can be performed by CA VM:Secure as part of its Rules Facility operation.

To set up automatic password expiration, do the following:

1. Place an AUTOEXP record in the SECURITY CONFIG file.

   The format of the AUTOEXP record is:

   AUTOEXP warning expiration
   

   • warning—The number of days after a user’s last logon password change before a warning message starts appearing.
   • expiration—The number of days after a user’s last logon password change before the password expires.
2. Put a password special comment (*PW=) in the directory entries of the user IDs whose passwords you want to automatically expire.

When the warning number of days has been reached for each user for whom you have set up automatic password expiration, the users receive the following message at each logon:

YOUR LOGON PASSWORD WILL EXPIRE IN days DAYS

This message displays every time a user logs on to his user ID until he either changes his password or the password expires.

When the expiration has been reached, the user receives the following message at next logon:

YOUR LOGON PASSWORD HAS EXPIRED

The user must now change his password.