cancel
Showing results for 
Search instead for 
Did you mean: 

C2 security

Rupert_1
Advisor

C2 security

C2 is enable, how to set expiration login for one user and how to apply for all users.
Thanks
3 REPLIES
Michael Schulte zur Sur
Honored Contributor

Re: C2 security

Hi,

according to the security administration doc you use:
â ¢ The dxaccounts GUI to modify the default fields for users by going to
Local Templatesâ Default.
â ¢ The dxdevices GUI to modify the default fields for devices.
â ¢ The edauth utility provides a lower-level interface to all of the default
fields.

to change the user properties.

greetings,

Michael

ps. I assume yo
Ann Majeske
Honored Contributor

Re: C2 security

You can either set an expiration for the password or set an expiration for the user's account.

To set one of these expirations on an individual account, in dxaccounts, on either the "local users" view or the "nis users" view click on the username. Clicking on the "security" button will bring up the Enhanced Security (C2) account attributes.

There are several pages of security attributes, which you can select with the "Turn to" selector. Under "Password Controls" you can select: "Minimum Change Time", which is how long a user must wait after changing their password to be able to change it again; "Expiration Time", if a user hasn't changed their password before this time expires they are required to change their password the next time they log in; or "Lifetime", if a user hasn't changed their password before this expires their account is locked. Under "Login Restrictions" you can select "Expiration Date" which is the calendar date on which the account is locked.

The password expirations can also be set on the system default template, which applies the default to all user accounts that don't have a password expiration set on the account itself (the account attributes superceed the defaults). To set the password expirations in the system default template using dxaccounts, in the "Local Templates" view select "default". Clicking on the "security" button will bring up the Enhanced Security (C2) default attributes. You set these in the same way as the account attributes.

As Michael pointed out, you can also set these attributes using the edauth tool. See the man page for edauth for a description of the tool, and the man pages for prpasswd and default for a description of the attributes.

Ann
Patrick Giblett
Occasional Contributor

Re: C2 security

It is also possible to set these values using the useradd & usermod commands


to set global defaults (for new users) us useradd -D -x passwd_expiry_time="xxx"


se man useradd for more details