Switching password aging on/off (passwd_age)

Last Updated : Dec 19, 2024 |

About this task

Password aging is off by default. You can use this process to turn password aging on/off, and to set the default number of days for aging.

When password aging is on:

  • Password aging affects all Linux and CMS users who use the /usr/bin/cms shell. However, you can exclude specific users from the password aging policy, see Excluding a user from password aging.

    • Non-CMS users such as root, root2, or informix do not age.

    • If you are using LDAP, the server running the directory service controls password aging.

  • When password aging is on, the system modifies the RHEL policy file /etc/passwd.

Important:

  • To avoid additional password administration, Avaya recommend that you exclude specific users before turning password aging on.

Procedure

  1. Log in to the CMS server with root privileges.

    • To log in as root from a remote connection, you must log in using an CMS user ID, then enter su - root to log on with root privileges

  2. Enter cmsadm. The system displays the administration menu.
  3. Enter the number associated with the passwd_age option. The output displays the following: 
    1) Turn on password aging
2) Turn off password aging
3) Change password aging interval
or q to quit: (default 1)
  4. Do one of the following:

    • To turn password aging on:

      Enter 1. CMS prompts you to also enter the number of weeks before passwords expire. You can enter a value between 1 and 52 weeks. If you do not enter a value, CMS sets the default passwords aging to 9 weeks.

    • To turn password aging off:

      Enter 2 and then enter y to confirm when prompted.

    • To change the current default password aging period:

      Enter 3 to change the password current password aging interval and then specify the maximum number of weeks before passwords expire. You can enter a value between 1 and 52.

Related information
Using the CMSADM menu
Configuring password aging