HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

Password Expiry Notification

 
SOLVED
Go to solution
Trace Trembath
Frequent Advisor

Password Expiry Notification

I thought password expiry notification came 1 week prior to the end of a passwords lifetime. Is that correct? So if the password lifetime was 60 days, the expiry notification should start coming at 53 days?

Thank you.

Regards,
Trace Trembath
12 REPLIES
Arch_Muthiah
Honored Contributor

Re: Password Expiry Notification

Trace,

Yes it is 1 week. But I am not sure any system parameter (sysgen) or any other parameter is available to change this interval.

Archunan
Regards
Archie
John Gillings
Honored Contributor
Solution

Re: Password Expiry Notification

Trace,

No, it's not 1 week, it's 5 days:

"Guide to OpenVMS System Security V7.3
3.7.1 Changing an Expired Password

As you approach the expiration time of your password, you receive an advance warning message. The message first appears 5 days before the expiration date and at each subsequent login. The message appears immediately below the new mail message and sounds the bell character on your terminal to attract your attention."

There is no adjustment (though if someone was really enthusiastic and had access to sources, I'm sure they could come up with a patch). I'm not certain if it's an exact "expiration date/time - 120 hours" or any login in the 5th day prior to the day of expiration.

Also note, if you don't login you won't see the message - many of my terminal sessions last MUCH longer than my password lifetime, so I rarely see warnings.
A crucible of informative mistakes
Arch_Muthiah
Honored Contributor

Re: Password Expiry Notification

Yes Trace, it is 5 days only. But I remember it was 7 days in the old versions. John, have any idea about this notification limit in the older VMS versions.


Archunan

Regards
Archie
Stanley F Quayle
Valued Contributor

Re: Password Expiry Notification

Instead of adding a SYSGEN parameter, a "cleaner" approach would be to use the $GETUAI system service. You could add the UAI$_PWD_DATE and UAI$_PWD_LIFETIME values, subtract off whatever number of days you'd like, and "do" something (message? email?).

It would be easy to run this program in the SYLOGIN (interactive users only, please).

http://www.stanq.com/charon-vax.html
John Gillings
Honored Contributor

Re: Password Expiry Notification

Archunan,

>But I remember it was 7 days in the old
>versions. John, have any idea about this
>notification limit in the older VMS
>versions.

Sorry, as far as I can remember it's always been 5 days.
A crucible of informative mistakes
David B Sneddon
Honored Contributor

Re: Password Expiry Notification

I believe the logical LGI$EXPIRATION_WARNING_DAYS
(defined in the system table) can be used to
override this.

Dave
Robert Atkinson
Respected Contributor

Re: Password Expiry Notification

That's a heck of a find Dave - where did you get it from?

Rob.
Volker Halle
Honored Contributor

Re: Password Expiry Notification

A TIMA article (from http://askq.compaq.com/) says that the Password Expiration Notification Time cannot be changed...

http://h18000.www1.hp.com/support/asktima/operating_systems/00969029-CABDE5A0-1C0186.html

But SEARCH SYS$SYSTEM:LOGINOUT.EXE may indicate otherwise ;-)

Dave, did you try it ? Does it work ? If not documented, it's not supported, but that doesn't mean it doesn't work.

Volker.
Karl Rohwedder
Honored Contributor

Re: Password Expiry Notification

Worth a try...

$ pi strings loginout.exe | ssi LGI$
LGI$LOGINOUT_CALLOUTS0
LGI$LOGINOUT_CALLOUTS
LGI$LOGINOUT_CALLOUTS
LGI$EXPIRATION_WARNING_DAYS
LGI$PASSWORD_NOCHANGE_DAYS

regards Kalle
David B Sneddon
Honored Contributor

Re: Password Expiry Notification

I found it in the source listings. The history
indicates it was done in about 2001.

I have not tried it...

Dave
Wim Van den Wyngaert
Honored Contributor

Re: Password Expiry Notification

Note that the warning is not given when no password is verified. E.g. rlogin or ssh.

Also note that rlogin allows login even when the password is expired. And ssh too but that could be configurable.

Wim
Wim
Trace Trembath
Frequent Advisor

Re: Password Expiry Notification

Thank you to all who replied to my question. I believe I have what I need now. Thank you very much. Have a great day everyone!

Regards,
Trace Trembath