PreviousNext

Password Lifespan

The password lifespan specifies the period of time before account passwords for a specific organization or the registry as a whole expire.

Generally, DCE security disables login for users whose passwords have expired.mechanism It is possible, however, to override this policy for a user such as cell_admin, in order to prevent the cell administrator from being locked out of the system by an expired password. You do this by attaching an instance of the passwd_override ERA to the principal. See Creating and Maintaining Principals, Groups, and Organizations for information on how to do this.

You define the password lifespan as the dcecp pwdlife attribute in the following form:

pwdlife {time | unlimited}

where time is a number that indicates the number of days the password is valid, and unlimited specifies an unlimited lifespan.

You can also set the exact date passwords expire by using the password expiration date policy (pwdexpdate attribute).