A quick way to "un-expire" all accounts is:
/usr/lbin/modprpw -V
You should also make sure the root account is set to not expire:
/usr/lbin/modprpw -l -m lftm=0,exptm=0,mintm=0,expwarn=0,llog=0 root
Note that the default (non-trusted) password mode will store only the first 8 characters of passwords; when in default mode, this is not a problem as the password checking routines will ignore any characters beyond 8. But after switching to trusted system mode, all the characters typed by the user are checked.
So if the user has used a 9-character or longer password until now, after the conversion to Trusted mode the user must first type _only the first 8 characters_ of his/her old password. When the user changes his/her password while Trusted mode is in effect, all the characters will be stored (up to the configurable maximum password length limit) and then the password will work normally again.
MK
