Password privilege expiration dates only take effect when the user logs in. If a user is already logged in, the expiration date has no effect until the user logs out or tries to use rlogin or telnet to connect to another machine at which time the user will not be able to log in again. Thus, if you are going to implement password privilege expiration dates, you should require your users to log out at the end of each day's work session.
If you have Solaris Management Console tools available, do not use nistbladm to set an expiration date. Use Solaris Management Console tools because they are easier to use and provide less chance for error.
nistbladm -m `shadow=n:n:n:n:n:n6:n' [name=login],passwd.org_dir
login is the user's login ID
n indicates the values in the other fields of the shadow column
n6 is the date on which the user's password privilege expires This date is entered as a number of days since January 1, 1970 (see Table 16–2). n6 can be one of the following values:
Minus one (-1). A value of minus one (-1) turns off the expiration feature. If a user's password has already expired, changing this value to -1 restores the password. If you do not want to set any expiration date, type -1 in this field.
Greater than zero. A value greater than zero sets the expiration date to that number of days since 1/1/70. If you enter today's date or an earlier date, you immediately expire the user's password.
For example, to specify an expiration date for the user pete of December 31, 1995 you would type:
station1% nistbladm -m `shadow=n:n:n:n:n:9493:n' [name=pete],passwd.org_dir
All of the fields must be filled in with valid values.