- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: /PWDLIFETIME and /EXPIRATION qualifiers in the...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-09-2007 02:00 AM
тАО04-09-2007 02:00 AM
WhatтАЩs the fundamental difference between the /PWDLIFETIME and /EXPIRATION qualifiers in the AUTHORIZE utility? If I understand correctly, /PWDLIFETIME is only to specify the expiration of the password if the account was not in use while /EXPIRATION is for both whether the account was used or not, is that correct? If not please explain.
Thanks for the answers, Yaron.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-09-2007 02:13 AM
тАО04-09-2007 02:13 AM
Re: /PWDLIFETIME and /EXPIRATION qualifiers in the AUTHORIZE utility
the /EXPIRATION time is the absolute date and time, when the password will expire, whether the account is used or not.
The /PWDLIFETIME time is the delta time, the password will be valid, after it has been initially set or after it has been updated by the user. The password will be valid until 'Pwdchange time' plus PWDLIFETIME.
Volker.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-09-2007 02:20 AM
тАО04-09-2007 02:20 AM
Solutionbasically, they are entirely different, and not related to one another.
/EXPIRATION specifies the termination date of the validity of the account ( = username +
From the moment the clock/calender reaches the specified moment, that user can no longer log in (until a change of the qualifier. of course)
The /PWDLIFETIME ( a DELTA time spec )specifies the duration any new password will be valid. Once the moment of change of the password + the delta time has expired, the user is forced to change the password before anyhing else can be done interactively (it has no effect on BATCH mode login nor on remote file access).
Normally if the password is changed using AUTHORIZE, it is set pre-expired for the first login (unless /NOPWDEXPIRED is also specified)
hth
Proost.
Have one on me.
jpe
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-09-2007 02:21 AM
тАО04-09-2007 02:21 AM
Re: /PWDLIFETIME and /EXPIRATION qualifiers in the AUTHORIZE utility
When the current date is larger than /expiration the account can no longer be used to log in to, no fresh password can be picked.
Also, the /pwdlif is a 'relative' time, and the clock starts over when the password is reset. The /expiratio is absolute. No ifs or butts. Typically you would set it at then of a contract period, or school year, or whatever date limits might exist in your environment.
hth,
Hein.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-09-2007 02:23 AM
тАО04-09-2007 02:23 AM
Re: /PWDLIFETIME and /EXPIRATION qualifiers in the AUTHORIZE utility
>>>
the /EXPIRATION time is the absolute date and time, when the password will expire, whether the account is used or not.
<<<
Sorry, but that is NOT accurate.
/EXPIRATION also blocks BATCH and Network logins, which are NOT affected upon password expiration!
Proost.
Have one on me.
jpe
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-09-2007 05:16 AM
тАО04-09-2007 05:16 AM
Re: /PWDLIFETIME and /EXPIRATION qualifiers in the AUTHORIZE utility
thanks for the correction. So I should have written:
>>>
the /EXPIRATION time is the absolute date and time, when the account will expire, whether it has been used or not.
<<<
Volker.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-09-2007 08:37 PM
тАО04-09-2007 08:37 PM
Re: /PWDLIFETIME and /EXPIRATION qualifiers in the AUTHORIZE utility
Specifically, an account that shows up with
Pwdlifetime: (none) Pwdchange: (pre-expired)
will be able to login without changing the password. That is consistent with the help description, but I was baffled the first time I did a modify user/pwde and it didn't force them to change their password.
If your intent is to allow users to use a single password for a long period of time, but you want to be able to force them to change it when a new account is created, or on demand with UAF MOD user/PWDE, consider using /PWDLIFETIME=9999-0 instead of /NOPWDLIFETIME.
P.S. for Steven, the soup's good now, but it would be just a bit better if it had some potatoes added. :-)