VMS Help DCE_SECURITY, Admin Intro, rgy_edit, miscellaneous_commands, policy *Conan The Librarian (sorry for the slow response - running on an old VAX) |
po[licy] [organization_name] [-al lifespan | forever] [-pl passwd_lifespan | forever] [-px passwd_exp_date | none] [-pm passwd_min_length] [-pa | -pna] [-ps | -pns] Changes or displays registry standard policy or the policy for an organization. Enter organization_name to display or change policy for that specific organization. If you do not enter organization_name the subcommand affects standard policy for the entire registry. The -al option determines the account's lifespan, the period during which accounts are valid. After this period of time passes, the accounts become invalid and must be recreated. An account's lifespan is also controlled by the add and change subcommands -x option. If the two lifespans conflict, the shorter one is used. Enter the lifespan in the following in the following format: weekswdaysdhourshminutesm For example, 4 weeks and 5 days is entered as 4w5d. If you enter only a number and no weeks, days, or hours designation, the designation defaults to hours. If you end the lifepan with a number and no weeks, days, or hours designation, the number with no designation defaults to seconds. For example, 12w30 is assumed to be 12 weeks thirty seconds. The -pl option determines the password lifespan, the period of time before account's password expires. Generally, users must change their passwords when the passwords expire. However, the policy to handle expired passwords and the mechanism by which users change their passwords are defined for each platform, usually through the login facility. Enter passwd_lifespan as a number indicating the number of days. If you define a password lifespan as forever, the password has an unlimited lifespan. The -px option specifies the password expiration date in yy/mm/dd/hh.mm:ss format. Generally, users must change their passwords when the passwords expire. However, the policy to handle expired passwords and the mechanism by which users change their passwords are defined for each platform, usually through the login facility. If you define a password expiration date as none, the password has an unlimited lifespan. The -pm, -ps, -pns, -pa, and -pna options all control the format of passwords as follows: + -pm - Specifies the minimum length of passwords in characters. If you enter 0, no password minimum length is in effect. + -ps and -pns - Specify whether passwords can contain all spaces (-ps) or can not be all spaces (-pns). + -pa and -pna - Specify whether passwords can consist of all alphanumeric characters (-pn) or must include some non- alphanumeric characters (-pna).
|