https://community.hpe.com/t5/operating-system-hp-ux/logonid-is-quot-exceeded-last-login-time-quot-but-i-don-t-know/m-p/4646600#M731345 Matti - thank you for that great explanation!<BR /><BR />Scott Fri, 11 Jun 2010 19:08:09 GMT Scott Lindstrom_2 2010-06-11T19:08:09Z https://community.hpe.com/t5/operating-system-hp-ux/logonid-is-quot-exceeded-last-login-time-quot-but-i-don-t-know/m-p/4646598#M731343 I have an ID in which we have all password aging disabled (that I know of) yet the ID still has the second lockout flat set (lockout=0100000).<BR /><BR />Here is some relevant output:<BR /><BR />#/usr/lbin/getprpw dpiadm <BR />uid=4026, bootpw=NO, audid=85, audflg=1, mintm=0, maxpwln=-1, exptm=0, lftm=0, spwchg=Tue Aug 11 10:17:09 2009, upwchg=-1, acctexp=-1, llog=-1, <BR />expwarn=0, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Tue Aug 11 10:04:52 2009, <BR />ulogint=-1, sloginy=-1, culogin=-1, uloginy=-1, umaxlntr=0, alock=NO, lockout=0100000<BR /><BR /><BR />General User Account Policies:<BR /> Lock Inactive Accounts:<BR /> Enabled: Maximum time allowed between logins (days): 90 (&lt;- though this should be overridden for this ID)<BR /><BR />/tcb entry:<BR /><BR />dpiadm:u_name=dpiadm:u_id#4026:\<BR /> :u_pwd=xxxxxxxxxxxxxxxx:\<BR /> :u_auditid#85:\<BR /> :u_auditflag#1:\<BR /> :u_minchg#0:u_exp#0:u_life#0:u_succhg#1250003829:\<BR /> :u_pw_expire_warning#0:u_suclog#1250003092:u_maxtries#0:u_lock@:\<BR /> :chkent:<BR /><BR /><BR />#perl -e 'print scalar localtime(1250003092)'<BR />Tue Aug 11 10:04:52 2009<BR /><BR /><BR />What can possibly be set here that makes the ID set as "Exceeded last login time"?<BR /><BR />TIA, <BR />Scott Fri, 11 Jun 2010 17:53:31 GMT https://community.hpe.com/t5/operating-system-hp-ux/logonid-is-quot-exceeded-last-login-time-quot-but-i-don-t-know/m-p/4646598#M731343 Scott Lindstrom_2 2010-06-11T17:53:31Z https://community.hpe.com/t5/operating-system-hp-ux/logonid-is-quot-exceeded-last-login-time-quot-but-i-don-t-know/m-p/4646599#M731344 Once a lockout flag gets set on an account, it won't be unset by later changes to the password aging parameters for that account.<BR /><BR />You must explicitly unlock the account to reset the flags and make the account usable again:<BR /><BR />/usr/lbin/modprpw -k dpiadm<BR /><BR />Also note that getprpw reports "llog=-1", i.e. the system-wide inactivity policy _is_ followed with this account. The equivalent /tcb entry key would be "u_llogin", which does not appear in the /tcb entry you posted.<BR /><BR />To prevent this inactivity lock-out from happening again, use:<BR /><BR />/usr/lbin/modprpw -m llog=0 dpiadm<BR /><BR />MK Fri, 11 Jun 2010 18:44:38 GMT https://community.hpe.com/t5/operating-system-hp-ux/logonid-is-quot-exceeded-last-login-time-quot-but-i-don-t-know/m-p/4646599#M731344 Matti_Kurkela 2010-06-11T18:44:38Z https://community.hpe.com/t5/operating-system-hp-ux/logonid-is-quot-exceeded-last-login-time-quot-but-i-don-t-know/m-p/4646600#M731345 Matti - thank you for that great explanation!<BR /><BR />Scott Fri, 11 Jun 2010 19:08:09 GMT https://community.hpe.com/t5/operating-system-hp-ux/logonid-is-quot-exceeded-last-login-time-quot-but-i-don-t-know/m-p/4646600#M731345 Scott Lindstrom_2 2010-06-11T19:08:09Z