test

System Administration Guide: Naming and Directory Services (NIS+)

Establishing a Password Warning Period in NIS+

The warn argument to the passwd command specifies the number of days before a password reaches its age limit that users will start to seeing a Your password will expire in N days message (where N is the number of days) when they log in.

For example, if a user's password has a maximum life of 30 days (set with the -max argument) and the warn value is set to 7 days, when the user logs in on day 24 (one day past the warn value) the warning message Your password will expire in 7 days is displayed. When the user logs in on day 25, the warning message Your password will expire in 6 days is displayed.

Keep in mind that the warning message is not sent by Email or displayed in a user's console window. It is displayed only when the user logs in. If the user does not log in during this period, no warning message is given.

Keep in mind that the warn value is relative to the max value. In other words, it is figured backwards from the deadline set by the max value. Thus, if the warn value is set to 14 days, the Your password will expire in N days message will begin to be displayed two weeks before the password reaches its age limit and must be changed.

Because the warn value is figured relative to the max value, it only works if a max value is in place. If there is no max value, warn values are meaningless and are ignored by the system.

The warn argument uses the following format:


passwd -x max -w warn username

Where:

For example, to force the user nilovna to change passwords every 45 days, and display a warning message 5 days before the password reaches its age limit you would type the command:


station1% passwd -x 45 -w 5 nilovna

The following rules apply to the warn argument:

Note –

You can also use Solaris Management Console to set a warn value for a user's password.