|
|
HP Security Monitor/iX Manager's Guide: HP 3000 MPE/iX Computer Systems > Chapter 3 Managing System Users with Passwords and Logon RestrictonsRevising Old Passwords |
|
Passwords that never change present a security risk to the system. Several facilities are provided which force passwords to be revised either for individual users or for all users on the system. This section describes additional password features that are provided by the HP Security Monitor package. These features include password expiration, password aging, password encryption and enforcing of minimum length passwords for additional security. System and Account Managers can cause individual user passwords to expire using standard system commands. These facilities are the USERPASS=REQ,EXPIRED options of the :NEWUSER and :ALTUSER commands. The syntax for the expiration parameter is as follows:
Once a password has been expired, the user is prompted to enter a new password the next time they log onto the sytem. After the user supplies the new password, they are prompted to enter the password a second time to ensure that the intended password was entered. If the user makes a mistake when entering the new password the second time, the system prints the message NEW PASSWORD NOT VERIFIED, and asks the user to enter the new password again. If the user is not successful after three tries, the logon process terminates, and the user must re-start the logon process. A user will not be allowed to log on until a new password is successfully entered. The amount of time alloted for specifying a new user password is governed by the logon timer which is configured during system startup. This feature allows the System Manager to activate automatic password expiration for all users who are required to have a password. To enable this option, the System Manager specifies a number of days (from 1 to 365) which determines how long all passwords will be valid. The System Manager can specify a date (the current day is the default) for the expiration cycle to begin. The System Manager can also specify the number of days prior to the expiration on which the user is notified of the pending expiration. If this feature is enabled, this absolute expiration date takes precedence over the password aging values described later. Expiration of a password has the following effects on users:
|
|