Previous Topic: AIX SU Group Tab

Next Topic: Shadow Options or SUN Solaris Specific Tab

AIX Password Tab

This tab lets you specify password attributes that are specific to an IBM AIX server.

The fields in this tab are listed below:

Allowed Login Times

Specifies the login day, time, and date parameters that the user is allowed to access the system. The formats of allowed login times are:

  1. Specific Times: Start Time and Stop Time are specified. The time format is hh:mm. The valid data ranges for hh and mm are 00-23 and 00-59, respectively. Stop Time is optional, but must be greater than Start Time if used.
  2. Specific Months: Start Month, Start Month Date, Stop Month and Stop Month Date are specified. Stop Month, Start Month Date and Stop Month Date are optional.
  3. Specific Months and Times: The combinations of formats 1 and 2.
  4. Specific Week Days: Start Week Day and Stop Week Day are specified. Stop Week Day is optional.
  5. Specific Week Days and Times: The combinations of formats 1 and 4.

Note: If format 2 and 4 are used for the same login time, the specific week days are ignored.

The following are the features of this field:

Exclamation Point

If you need to deny a user access to the system at specific times, select the exclamation point (!) and then enter the appropriate day, time, and date information.

The exclamation point applies to single entries and must precede each entry.

Start and Stop Time

Enter the Start and Stop times of day in the boxes provided.

The 4-character time value is specified in the 24-hour military format. An entry consisting of only a specified time applies to every day. The start hour must be less than the end hour.

Example: 8:00 A.M. to 5:00 P.M. is :0800-1700


Select the Start and Stop months of the year from the drop-down list box. You can also select the Start and Stop dates.

The range of months can be circular, such as September-June.

The date value is any day from 1-31 of a month. The value is checked against the specified month. When no date value is specified, the range is considered as the first day of the first month to the last day of the last month given.

Days of Week

Select the Start and Stop days of the week from the drop-down list box.

The range of days can be circular, such as Tuesday-Monday.

Login Authentication Grammar

Defines the user's authentication method.

Size/Type: 64 characters, maximum

Days to Warn User before Password Expires

Specifies the number of days before the system issues a warning that a password change is required.

The value must be less than the difference of the maximum age (Max Age ) and minimum age (Min Age) attributes. Values greater than this difference are ignored and a message is issued when the Min Age value is reached.

A zero or negative value indicates that no message is issued.

Password Check Method

Specifies the password restriction methods enforced on new passwords. The value is a list of comma-separated method names and is evaluated from left to right.

A method name is either an absolute path name or a path name relative to /usr/lib of an executable load module.

Password Check Method - button

Click this button to open the Password Check Method dialog.

Password Dictionary Files

Specifies the password dictionaries used by the composition restrictions when checking new passwords.

The password dictionaries are a list of comma-separated absolute path names, evaluated from left to right. All dictionary files and directories must be write protected from all users except root.

The dictionary files are formatted one word per line. The word starts in the first column and terminates with a new line character. Only 7-bit ASCII words are supported for passwords.

If you install text processing on your system, the recommended dictionary file is the /usr/share/dict/words file.

Password Dictionary Files - button

Click this button to open the Dictionary Files dialog.

Password Registry

Describes where this user is administered.

It is used whenever there is a possibility of resolving a remotely administered user to the local administration domain. This can happen when network services go down or network databases are replicated locally.

Values: files, NIS, or DCE

Size/Type: 64 characters, maximum

Number of Passwords before Reuse

Specifies the number of previous passwords a user cannot reuse.

Default: 0

Maximum Value: 50

Weeks before Password Reuse

Specifies the period of time, in weeks, during which a user cannot reuse a password.

Default: 0 or no time limit

Maximum Value: 260

Weeks between Password Expirations

Specifies the maximum time, in weeks, beyond the Max Age value during which a user can change an expired password. After this defined time, only an administrative user can change the password.

If the Max Expired attribute is 0, the password expires when the Max Age value is met. If the Max Age attribute is 0, the Max Expired attribute is ignored.

Default: -1, indicating restriction is set

Maximum Value: 52

No System Restriction

Specifies that there are no restrictions for the login password.

Default: True

Must Be Changed At the Next Connection

Specifies that the password must be changed at the first connection.

Default: False

Must Be Changed Only By User with Super User Rights

Specifies that the password can be changed by the superuser only.

Default: False

Password Max Age

Specifies the maximum age, in weeks, of a password. The password must be changed by this time.

Default: 0 or no maximum age

Maximum Value: 52 weeks

Password Min Length

Specifies the minimum length of a password.

This attribute is determined by the Min Alpha attribute added to the Min Other attribute. If the result of this addition is greater than the Min Len attribute, the minimum length is set to the result.

Default: 0 or no minimum length

Maximum Value: 8

Password Min Other Characters

Specifies the minimum number of non-alphabetic characters that must be in a new password.

Default: 0 or no minimum number

MaximumValue: 8

Password Min Different Characters

Specifies the minimum number of characters required in a new password that were not in the old password.

Default: 0 or no minimum number

Value: 8, maximum

Password Min Age

Specifies the minimum age, in weeks, a password must be before it can be changed.

Default: 0, indicating no minimum age

Value: 52 weeks, maximum

Password Min Alpha Characters

Specifies the minimum number of alphabetic characters that must be in a new password.

Default: 0 or no minimum number

Value: 8, maximum

Password Max Repeated Characters

Specifies the maximum number of times a character can be repeated in a new password. A value of 0 is meaningless, the default value of 8 indicates that there is no maximum number.

Default: 8 or no maximum number