Q

How can I set password expiration without locking out accounts?

Several years ago we enabled Check Password in each user's person document, but did not specify a required change interval. We are now running 6.5.2 and using policies, but still have Check Password enabled in the person documents. Now we need to set a password expiration of 90 days for all users. When I create a security policy and apply it to a user who has not changed their password within the last 90 days, their account is locked out until they change their password, which is not the desired result. How can I set password expiration without locking out accounts? I've tried removing the password digest and changing the "last change date" to today and the users still need to change their password before they can access the server.
This will happen as the security policy is applied to the users for the first time. I have come across this issue, where -- like you -- password checking had been in force and was now "superceded" by the security policy settings.

The first time the policy is invoked, the security policy will check the last password date, which appears to come from the notes.id file rather than from the person document, as you have indicated. If the last change date is greater than 90 days, then the security policy settings are applied.

In my experience, if you are going to implement security settings via policy documents, it is best to remove the previous process -- that is, standard password checking through the Domino Directory -- and then apply the security policy once password checking (i.e., Domino Directory, "Actions" menu, "Set Password Fields," "Don't Check password") has been disabled.

This was first published in June 2005

Dig deeper on Lotus Notes Domino Password Management

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchWinIT

Search400

  • iSeries tutorials

    Search400.com's tutorials provide in-depth information on the iSeries. Our iSeries tutorials address areas you need to know about...

  • V6R1 upgrade planning checklist

    When upgrading to V6R1, make sure your software will be supported, your programs will function and the correct PTFs have been ...

  • Connecting multiple iSeries systems through DDM

    Working with databases over multiple iSeries systems can be simple when remotely connecting logical partitions with distributed ...

SearchEnterpriseLinux

SearchVirtualDataCentre.co.UK

Close