
Do I have to wait 90 days to implement the password aging on prod servers?

 
Hanry Zhou
Super Advisor


I am planning to implement the password aging policy including 90 days max. password change.

I told users that I am going to implement it on development servers first, then after a week of observation, we will do the same on prod. servers. I feel a week should be enough, because there are only about 10 IDs involved, and I don't expect any major issues. Plus, most of the rules could be tested out in the week.

But the user is arguing how a week of observation on development will really identify issues since a couple of rules will not come into play until after 90 days?

I don't feel we have to wait for 90 days before we can implement it on production, but I don't know how to respond to him.

Please help, and thanks!
Bill Hassell
Honored Contributor

Re: Do I have to wait 90 days to implement the password aging on prod servers?

Password aging is always a future event and the timer begins from the time the password was last changed. So waiting a few days doesn't provide any useful data. On the other hand, you mentioned "most of the rules" which I suppose means you are setting other security features such as password history, password character restrictions, minimum time between password changes, etc.

To test these items, simply create a dummy user and use SAM to set that user's features to a very short value (like min password change = 1 day, password expires in 2 days, password history = 2, etc.).

Then you can play with that user. Password controls have no effect on user activities except at login.


Bill Hassell, sysadmin
Hanry Zhou
Super Advisor

Re: Do I have to wait 90 days to implement the password aging on prod servers?

Yes, what you supposed is correct. The only "rule" we may need to wait until 90 days for is the password aging, which will be set to 90 days.

However, do we really need to have 90 days of observation to watch it take effect? Since it is only going to prompt you to change the password, it seems to me there is no need to test further, and therefore no need to wait for 90 days?

Thanks,


Bill Hassell
Honored Contributor

Re: Do I have to wait 90 days to implement the password aging on prod servers?

> However, do we really need to have 90 days of observation to watch it take effect? Since it is only going to prompt you to change the password, it seems to me there is no need to test further, and therefore no need to wait for 90 days?

Whether you set the time to 90, 250 or 2 days, the behavior is exactly the same. There is no problem in setting a single user to a 2-day expiration and watching what happens. There is also a password expiration warning time you can set so you can see the countdown each day. The only effect is when the password expires, the user will be prompted to change it, then logged out immediately. The next login will verify that the new password has taken effect.


Bill Hassell, sysadmin
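
The point made in the replies above, as an added example that is not part of the original thread: a small model of min/max/warn aging showing that a short test policy walks through the same states as the 90-day one, and which accounts would already be expired or in the warning window on rollout day. It assumes expiry is counted from the last password change, as the reply states; it does not read HP-UX's password databases, and the state names, account names, dates and policy values are constructed.

```python
from datetime import date, timedelta

def aging_state(last_change, today, min_days, max_days, warn_days):
    """Classify one account under a min/max/warn aging policy (assumed model)."""
    age = (today - last_change).days
    if age >= max_days:
        return "expired"        # user is forced to change at next login
    if age >= max_days - warn_days:
        return "warning"        # countdown shown at login
    if age < min_days:
        return "change-locked"  # too soon to change the password again
    return "ok"

def timeline(min_days, max_days, warn_days):
    """Ordered distinct states an account passes through after a password change."""
    start = date(2024, 1, 1)  # constructed start date
    seen = []
    for offset in range(max_days + 1):
        state = aging_state(start, start + timedelta(days=offset),
                            min_days, max_days, warn_days)
        if not seen or seen[-1] != state:
            seen.append(state)
    return seen

def rollout_report(accounts, today, min_days, max_days, warn_days):
    """Map each account to (state, days left before expiry) on rollout day."""
    report = {}
    for name, last_change in accounts.items():
        left = max(max_days - (today - last_change).days, 0)
        state = aging_state(last_change, today, min_days, max_days, warn_days)
        report[name] = (state, left)
    return report

# Constructed sample data: account name -> date of last password change.
ACCOUNTS = {
    "appadm": date(2023, 9, 1),
    "batch01": date(2024, 1, 10),
    "dba1": date(2024, 3, 20),
}
ROLLOUT_DAY = date(2024, 4, 1)  # constructed date the policy is switched on

if __name__ == "__main__":
    print("3-day test policy :", timeline(1, 3, 1))
    print("90-day prod policy:", timeline(1, 90, 14))
    for name, (state, left) in rollout_report(ACCOUNTS, ROLLOUT_DAY, 1, 90, 14).items():
        print(f"{name:8s} {state:8s} {left:3d} day(s) left")
```
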
Steven E. Protter
Exalted Contributor

Re: Do I have to wait 90 days to implement the password aging on prod servers?

Shalom,

No, you are the systems administrator.

You can implement password aging anytime you like.

You can also lock any user you choose immediately with the passwd command.

See man passwd.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com