HP OpenVMS Guide to System Security > Chapter 3 Using the System ResponsiblyPassword and Account Expiration Times
Your system manager can set up your account so that your password, or the account itself, expires automatically on a particular date and time. Password expiration times promote system security by forcing you to change your password on a regular basis. Account expiration times help to ensure that accounts are available only for as long as they are needed. As you approach the expiration time of your password, you receive an advance warning message. The message first appears 5 days before the expiration date and at each subsequent login. The message appears immediately below the new mail message and sounds the bell character on your terminal to attract your attention. The message indicates that your password is expiring, as follows:
If you fail to change your password before it expires, you receive the following message when you log in:
The system prompts you for a new password or, if automatic password generation is enabled, asks you to select a new password from those listed (see “Using Generated Passwords”). You can abort the login by pressing Ctrl/Y. At your next login attempt, the system again prompts you to change your password. When You Are Using a Secondary PasswordIf secondary passwords are in effect for your account (see “Knowing What Type of Password to Use”), the secondary password may expire at the same time as the primary one. You are prompted to change both passwords. If you change the primary password and press Ctrl/Y before changing the secondary password, the login fails. The system does not record a password change. When You Fail to Change Your PasswordIf the system manager decides not to force you to change your expired password upon logging in, you receive one final warning when you log in after your password expires, as follows:
At this point, if you do not change the password or if the system fails before you have the opportunity to do so, you will be unable to log in again. To regain access, see your system manager. If you need your account for a specific purpose for a limited time only, the person who creates your account may specify a period of time after which the account lapses. For example, student accounts at universities are typically authorized for a single semester at a time. The system automatically denies access to expired accounts. You receive no advance warning message before the account expiration date, so it is important to know in advance your account duration. The account expiration resides in the UAF record, which can be accessed and displayed only through the use of the Authorize utility (AUTHORIZE) by users with the SYSPRV privilege or equivalent---normally, your system manager or security administrator. When your account expires, you receive an authorization failure message at your next attempted login. If you need an extension, follow the procedures defined at your site. |