Warning message of password expire

Hi All,
I have a requirement. When user password is going expire in 5 days, there should be warning message when user logs into portal which says "your password is going expire in 5 days, please change".
How achieve this functionality in portal, please advice.
Thanks,
Santosh.
Edited by: Santosh Gundelli on Dec 17, 2011 10:13 AM

You can call ABAP RFC to get expiration date. You can create portal application using Netweaver Developer Studio.
File->New->Other->Portal Application->Create a Portal Application Project
Then right click on the left side project name Create a New Application Object.
Here you can write code.

Similar Messages

User login fails : password expired

Dear portal-gurus,
We're having an issue with our portal 6.0 SP15 installation. When the administrator creates a new user and that user tries to login, the error message is : password expired (no chance for the user to change / reset / his password, although this setting is enabled in the security tab).
When a user registers himself on the portal login page he can successfully login / change his password / etc.
Any help would be very appreciated !
Thanks in advance,
Stefaan Ovaere

Thanks a lot for this information... BUT...
When I try http://<server>:<port>/index.html UME asks my user to change his password. So that works. However, on the standard login page, the only message is password expired or authorization failed (for new users created by the administrator).
In the security.log file I can find :
#1.5#0014224913690069000000180000126C00040BE085A1BE39#1138958849548#/System/Security/Audit#sap.com/irj#com.sap.security.core.util.SecurityAudit#Guest#0####4bea74c0949711daa2a8001422491369#SAPEngine_Application_Thread[impl:3]_20##0#0#Warning#1#com.sap.security.core.util.SecurityAudit#Plain###Guest | LOGIN.ERROR | NONE = null | | Login Method=[default], UserID=[stova], IP Address=[192.168.22.141], Reason=[Access Denied.]#
But I have no clue to what this is related ! Changing the security login policy ( allow change password ) on TRUE or FALSE seems to have no effect.
We do not use LDAP... so we're talking about pure portal users.
Thanks a lot for your help,
Stefaan Ovaere

Im not getting AD password expiration notices in Leopard

Has anyone else having problems getting AD password expiration notices in AD environments on Leopard Macs? It used to work for me in Tiger, but Im not getting the warnings when I log into Leopard Macs. Entourage warns me, but the Login window isn't prompting me with the expected "Your password will expire in xxx days." All my Macs are running 10.5.2 in simple AD 2003 domain.

I have a few 10.4.11 Tiger Macs and they DO work as expected - I get Active Directory password expiration notices at the Login window of my Tiger clients.
Notes:
Most of my users are local admins (don't ask why - long story)
All of my users have managed mobile user accounts for offline access (laptop users etc)
All my Macs are running 10.5.2. None of them can get AD password notices at the login window.
All my Macs are bound to a simple AD 2003 domain. No big forest. 1 single domain.
When I log into my AD domain from a Mac, I get a TGT from the KDC (which is an Active Diectory domain controller) as expected. Thus, Kerberos appears to be working.
DNS works fine (forward and reverse lookups are resolving as expected)
It used to work for me back in Tiger, but I'm not getting the warnings when I log into my Leopard Macs. Entourage 2004 and 2008 warns me about password expiration, but the OS XLogin window isn't prompting me with the expected "Your password will expire in xxx days."
Message was edited by: Daniel Stranathan

Capturing the Message on the Login Page (Invalid user/password expired etc.

Hi, I have a requirment for capturing the error message on the Login page if the User's Account is expired or Account is Disabled or Invalid credentials, Password Lockout etc.
I am using the attached login page. Can any one please help me out on this.
<html><head><title>AARPLogin Page</title>
<script type="text/javascript" language="JavaScript" xml:space="preserve">
// This function automatically gets called for broswer detection
var isNav4 = false;
var isIE4 = false;
var isNS6 = false;
function obDetectBrowser()
if ( navigator.appVersion.charAt( 0 ) == "4" )
if ( navigator.appName == "Netscape" )
isNav4 = true;
} else {
isIE4 = true;
else
if ( navigator.appVersion.charAt( 0 ) >= 5 )
if ( navigator.appName == "Netscape" )
isNS6 = true;
obDetectBrowser ();
var HOSTNAME =
var COOKIE_OBREQUESTEDURL = "OBREQUESTEDURL";
var COOKIE_OBFORMLOGINCOOKIE = "ObFormLoginCookie";
var NCID_LANDING_PAGE_URL = "/landing/";
var QS_REDIR = "ReDir";
var keyChooser;
function checkPasswordEnterKey( event )
var form = document.forms[0];
if (isNav4 || isNS6) {
keyChooser = event.which ;
} else if (isIE4) {
keyChooser = window.event.keyCode;
if (keyChooser == 13) {
if (
form.userid.value
&& form.userid.value != ""
&& form.password
&& form.password.value != ""
form.submit();
return true;
else
alert('Please enter a UserId and Password');
return false;
function showHidePanel( panelID, displayValue )
var panelElement = document.getElementById( panelID );
if ( displayValue == 'show' )
panelElement.style.display = 'block';
else
panelElement.style.display = 'none';
function getQueryVariable( variable )
var query = window.location.search.substring( 1 );
var vars = query.split( "&" );
for ( var i=0; i < vars.length; i++)
var pair = vars[ i ].split( "=" );
if ( pair[ 0 ] == variable )
return unescape( pair[ 1 ] );
return "";
function Get_Cookie( name )
var nameEQ = name + "=";
var ca = document.cookie.split( ';' );
for( var i=0; i < ca.length; i++ )
var c = ca[ i ];
while ( c.charAt( 0 )==' ' )
c = c.substring( 1, c.length );
if ( c.indexOf( nameEQ ) == 0 )
return c.substring( nameEQ.length, c.length );
return null;
function Set_Cookie( name, value, expires, path, domain, secure)
document.cookie = name + "=" + escape( value ) +
( ( expires ) ? ";expires=" + expires.toGMTString() : "" ) +
( ( path ) ? ";path=" + path : "" ) +
( ( domain ) ? ";domain=" + domain : "" ) +
( ( secure ) ? ";secure" : "" );
function Delete_Cookie( name, path, domain )
if ( Get_Cookie( name ) )
document.cookie = name + "=" +
( (path) ? ";path=" + path : "" ) +
( (domain) ? ";domain=" + domain : "" ) +
";expires=Thu, 01-Jan-1970 00:00:01 GMT";
function lostPassword()
var CurrentLogin = document.forms[0].userid.value;
if ( CurrentLogin == "" ) {
alert ( "Please enter your eMail Address." );
document.forms[0].userid.focus();
else {
Set_Cookie( COOKIE_OBFORMLOGINCOOKIE, "done", 0, "/" );
var LOST_PWD_PAGE = "/identity/oblix/apps/lost_pwd_mgmt/bin/lost_pwd_mgmt.cgi?program=passwordChallengeResponse&login="+CurrentLogin+"&backUrl=http://oradev2.na.aarp.int/login/login.html&target=top";
window.location = LOST_PWD_PAGE;
function emailPassword()
document.passform.submit();
function onLoad()
if (getQueryVariable( "MSG" ) == 'LOGIN_FAILED' )
alert ("Login Failed, Please try again");
else if (getQueryVariable( "MSG" ) == 'PWD_EXP' )
alert ("Your Password Is About to Expire. Please Change it at your earliest convenience.");
var pwdExpUID = getQueryVariable( "login" );
var hostTarget = getQueryVariable( "hostTarget" );
var resURL = getQueryVariable( "resURL" );
var PWD_EXP_PAGE = "/identity/oblix/apps/lost_pwd_mgmt/bin/lost_pwd_mgmt.cgi?program=redirectforchangepwd&login="+pwdExpUID+"&backURL="+hostTarget+resURL+"&target=top";
window.location = PWD_EXP_PAGE;
else if (getQueryVariable( "MSG" ) == 'CHGPWD' )
alert ("You are required to change your password.");
var chgPwdUID = getQueryVariable( "login" );
var hostTarget = getQueryVariable( "hostTarget" );
var resURL = getQueryVariable( "resURL" );
var CHG_PWD_PAGE = "http://"+HOSTNAME+"/identity/oblix/apps/lost_pwd_mgmt/bin/lost_pwd_mgmt.cgi?program=redirectforchangepwd&login="+chgPwdUID+"&backURL="+hostTarget+resURL+"&target=top";
window.location = CHG_PWD_PAGE;
</script></head><body onload="onLoad();document.login.userid.focus();" alink="blue" bgcolor="#ffffff" link="blue" vlink="blue">
<p align="center">
<img alt="AARP Header Logo" src="login_files/aarpLogo.gif" border="0" height="91" width="219">
<br>
</p><form name="login" method="post" action="/access/oblix/apps/webgate/bin/webgate.so">
<div class="boldText" align="center">
<h2>Login</h2>
<div class="boldText" align="left">
<div id="LoginFailed" style="display: none;">
<table align="center" bgcolor="#ff0000" border="0" cellpadding="2" cellspacing="0" width="500">
<tbody><tr>
<td>
<table bgcolor="#e5e5e5" border="0" cellpadding="5" cellspacing="0" width="100%">
<tbody><tr bgcolor="#ffffff">
<td rowspan="3" height="40" nowrap="nowrap" valign="top">
<img src="login_files/error.gif" name="error" height="20" width="20">
</td>
<td rowspan="3" align="center">
<p>
<font color="#ff0000" size="-1">
<b>
<div id="TryAgain" style="display: none;">Login Failed! Invalid UserID and/or Password, Please try again.<br></div>
<div id="AccountLocked" style="display: none;">Your Account has been Locked!</div>
</b>
</font>
</p>
<p>
<font color="#ff0000">
<b>For
assistance call E-Services Help Line at (XXX) XXX-XXXX Monday through
Friday between the hours of 8:00 am and 5:00 pm eastern standard time.</b>
</font>
</p>
</td>
</tr>
<tr bgcolor="#ffffff">
</tr><tr bgcolor="#e5e5e5">
</tr></tbody></table>
</td>
</tr>
</tbody></table>
</div>
<br>
</div>
<table border="0" cellpadding="0" cellspacing="0" width="500">
<tbody><tr>
<td background="login_files/border_upper_left.gif" height="20" nowrap="nowrap" width="20"> </td>
<td background="login_files/border_top.gif" height="20" nowrap="nowrap"> </td>
<td background="login_files/border_upper_right.gif" height="20" nowrap="nowrap" width="20"> </td>
</tr>
<tr>
<td background="login_files/border_left.gif" nowrap="nowrap" width="20"> </td>
<td>
<table bgcolor="#ebebce" border="0" cellpadding="2" cellspacing="0" height="100%" width="100%">
<tbody><tr>
<td colspan="3" align="center">
<font color="darkred" face="Arial" size="3">
<b>
</b></font>
<b> </b></td>
</tr>
<tr valign="bottom">
<td colspan="3" width="100%">
<table bgcolor="#ebebce" border="0" cellpadding="5" cellspacing="0" width="100%">
<tbody><tr bgcolor="#e5e5e5">
<td rowspan="2" bgcolor="#ebebce" height="20" nowrap="nowrap" valign="top" width="4%">
<font color="#000000">
<span class="text">
<img src="login_files/arrow.gif" align="top" height="20" width="20">
</span>
</font>
<font color="#000000"> </font>
</td>
<td rowspan="2" bgcolor="#ebebce" width="96%">
<font color="#000000" size="-1">
<span class="text">Please enter your Email and Password. If you are a new user to AARP, please select First Time AARP User.
</span>
</font>
</td>
</tr>
<tr bgcolor="#e5e5e5">
</tr></tbody></table>
</td>
</tr>
<tr valign="bottom">
<td colspan="3">
<table align="center" border="0" width="349">
<tbody><tr>
<td nowrap="nowrap" width="74">
<font color="#000000" size="-1">
<div align="left">eMail:</div>
</font>
</td>
<td width="265">
<input name="userid" value="" size="32" maxlength="32" tabindex="2" type="text">
</td>
</tr>
<tr>
<td>
<font color="#000000" size="-1">
<div align="left">Password:</div>
</font>
</td>
<td>
<p>
<font color="#000000" size="-1">
<input name="password" size="32" maxlength="32" length="30" tabindex="3" type="password">
</font>
</p>
</td>
</tr>
</tbody></table>
</td>
</tr>
<tr>
<td>
<font color="#000000" size="-1">
<p align="center"><b>Forgot Your Password?</b></p>
</font>
</td></tr>
<tr>
<td align="center"> <font color="#000000" size="-1">
Email New Password
</font>
</td></tr>
<tr>
<td colspan="4">
<div class="boldText" align="center">
<br>
<input src="login_files/button_login.gif" name="Submit" value="" alt="login" type="image">
 <b class="boldText"><img src="login_files/button_clear.gif" name="img_clear" alt="clear" border="0" height="25" width="68"></b>
<b class="boldText"><img src="login_files/button_help.gif" name="img_help" alt="help" border="0" height="25" width="68"></b>
<b class="boldText"><img src="login_files/button_cancel.gif" name="img_cancel" alt="cancel" border="0" height="25" width="68"></b>
</div>
</td>
</tr>
</tbody></table>
</td>
<td background="login_files/border_right.gif" nowrap="nowrap" width="20"> </td>
</tr>
<tr>
<td background="login_files/border_lower_left.gif" height="20" nowrap="nowrap" width="20"> </td>
<td background="login_files/border_bottom.gif" height="20" nowrap="nowrap"> </td>
<td background="login_files/border_lower_right.gif" height="20" nowrap="nowrap" width="20"> </td>
</tr>
</tbody></table>
<p></p>
<span class="text"><br><br><b>NOTICE:
This system is the property of AARP and is for authorized use only.
Unauthorized access is a violation of federal and state law. All
software, data transactions, and electronic communications are subject
to monitoring.</b></span>
<div id="hr" style="position: absolute; width: 100%; height: 10px; z-index: 90; top: 657px; left: 10px;">
<hr>
</div>
<div id="footer" style="position: absolute; width: 700px; height: 55px; z-index: 115; top: 678px; left: 50px;">
<span class="subhead">
Privacy Policy
Disclaimer
Contact Us
</span>
<span class="bodytext">
</span></div>
<form name="passform" action="http://oradev2.na.aarp.int/wampassword/passwordReset.html" method="post">
<input name="login" value="" type="hidden">
<input name="backUrl" value="http://oradev2.na.aarp.int/login/login.html" type="hidden">
</form>
<script type="text/javascript" language="JavaScript" xml:space="preserve">
var undefined;
if (
document.login
&& document.login.password
function clearForm()
document.login.reset();
function navigate( linkName )
if ( 'login' == linkName )
if ( document.accountLogin.userID.value != '' && document.login.password.value != '' )
alert('Please click the Account Registration Setup link for now');
//document.location = 'userDataPersonal.htm';
else
alert('Please enter a UserId and Password');
function openHelp()
helpDoc = window.open( "http://www.aarp.org", "", "scrollbars=yes,resizable=yes,width=500,height=300" );
function cancel()
// open dialog
var initX = parseInt( window.screenX ) + parseInt( window.outerWidth ) / 2 - 100;
var initY = parseInt( window.screenY ) + parseInt( window.outerHeight ) / 2 - 50;
cancelDialog = window.open( "./cancelDialog.html", " cancelDialog", "resizable=yes,toolbar=no,menubar=no,width=200,height=150,screenX=" + initX +",screenY=" + initY );
</script>
</div></form></body>
<script type="text/javascript">
</script></html>

Is it not possible that someone fired the password expiration cmd ?
SQL> select limit
2 from   dba_profiles
3 where profile='DEFAULT'
4 and resource_name='PASSWORD_LIFE_TIME';
LIMIT
UNLIMITED
SQL> select profile from dba_users where username='MYUSER';
PROFILE
DEFAULT
SQL> conn myuser/myuser
Connected.
SQL> conn / as sysdba
Connected.
SQL> alter user myuser password expire;
User altered.
SQL> conn myuser/myuser
ERROR:
ORA-28001: the password has expired
Changing password for myuser
New password:
Password unchanged
Warning: You are no longer connected to ORACLE.
SQL> conn / as sysdba
Connected.
SQL> select name, astatus, TO_CHAR(ctime,'DD-MM-YYYY HH:MI') CTIME, TO_CHAR(ptime,'DD-MM-YYYY HH:MI') PTIME, TO_CHAR(EXPTIME,'DD-MM-YYYY HH:MI') EXPIRE
2 from sys.user$ where name ='MYUSER';
NAME
   ASTATUS CTIME
PTIME
EXPIRE
MYUSER
         1 23-11-2011 11:15
23-11-2011 11:15
23-11-2011 11:17
SQL>Nicolas.

Changing the password warning message

The password component of our credit card statement comprises of upper case alphabets only. However, if i enter an incorrect password, it gives us a warning message that "Please make sure your caps lock is not on by mistake". This is an incorrect message for us since the password works only with the upper case in our scenario. Please help in changing this warning message while trying to open the PDF. Am also attaching the screen shot.

This is just a general 'incorrect password' warning, with a suggestion for a very common mistake. I don't think the checking mechanism actually checks for upper/lower case characters.

How to suppress distibution certificate expiration warning messages?

We have an enterprise license and distribute internal apps using a distribution provisioning profile. We've updated the distribution certificate to be valid for 2013, but continue to get the pop-ups about the expiring certificate on the employees iPads.
Is there a way to prevent the pop-ups for expiring certificates?
Thanks
TK_digi

Hi
Answer is pure assumption.
Pls check the following OSS notes
Note 319094 - Warning message during batch classification in IM
Note 122937 - UD: Error message M7207 when you save
Note 399416 - Message M7207 not analyzed in background
Note 786755 - You cannot suppress message M7 207
Note 201196 - MIGO: Error M7207 for goods receipt for batch
Pls take opinion from SAP / Basis before implementing the OSS note
Regards
Madhan D

No password expiration warning

Dear,
When setting a password with the use of the command passwd -w <days> <username>, the selected user is not being warned about the expiration date when logging in.
However, when using passwd –f <username> it prompts the user at the login for a new password.
Example:
passwd -w 7 extelt
passwd -x 30 extelt
passwd -s extelt
(Command set at 7/6/2011)
So the password expires at 07-07-2011.
Should start warning the user at 30-06-2011.
As explained, there are no warnings given from the 'checkpoint (30-06-2011)'.
What else can i try?
Thanks in advance.
Regards,
Tommy

Did you also upgrade the Password Compatibility to 6?
If so, then all the password attributes will have a prefix of "pwd" instead of "password" so it might break somethings in your application if it is looking for "passwordExpirationTime" or something.
Thanks.

Leopard: AD Plugin Doesn't Warn Me When My AD Password Expires?

I just noticed that my Windows PC is informing me that my AD password will expire in days. However, My Leopard Mac which is also bound to the same AD domain is not giving me the password expiration warning. I know that the AD plugin in Tiger (10.4.x) used to warn me about upcoming password change policies etc, but 10.5.1 is not.
Has anyone noticed this behavior?
Also - has anyone had any luck changing their AD password from a 10.5 client using the Accounts Preference Pane? I remember that Tiger was a little buggy sometimes...

Thanks Strontium90!
Turns out that is exactly what happened. I am testing the adpassmon utility now... very cool! I like how it allows you to change you password.
I have had quite a few occasions where users change their passwords at login when their AD password expires... which knocks their keychain out of sync. This tool may just be the ticket.
One again, many thanks!
Ray

Password expiry warning message

Hi Security experts,
Is it possible to get an a pop-up warning message similar like windows/lotus notes like password expiry before couple of days in GUI/Portal.
Thanks in advance
Regards
Pavan

Hi,
there is a user exit SUSR0001 that is called right after dialog logon (no RFC, no web) which can be used to display a pop up message. Good question is if it's called also for business client. I assume that it's not but I can't test it right now.
Cheers

Password expired message not prompt when login

I have installed SGD 4.2 on my Fedora Core 3 system. And the login authentication of SGD was set to ENS & Unix Group. PAM 0.77 was also installed. I created a user named test with expiry day. When I tried to login linux on terminal, I got the warning message. But I couldn't when I login the webtop. Any suggestion?
Many thanks.

SGD 4.0 on Fedora 3 can work well. I have ever installed SGD 4.1 & 4.2 on Fedora 3 & 4. But they can't work normally. Anybody know why and how to config?

Hyperion, Oracle, and password expirations ???

We're currently in the process of trying to change our password policy for some reporting databases we have that are only accessed by users (non-developers) for developing hyperion reports using the desktop client software. We've set up an Oracle warning message to be generated when the user's password is going to expire in 5 days. When logging in through the OCE, the user sees this message, but it never actually logs the user in... it shows the message, and then redisplays the login popup. I'd like for them to be able to login and then use their Connections Manager to change the database password, but it won't let them log in.
Has anyone encountered this problem before and possibly know of a solution or workaround? I'm assuming the Hyperion client software is taking any return code other than 0 for login as a failure...

If you need an encrypted connection to Essbase then you should use Smartview over https.
1) The Excel-Addin connection is not encrypted -- you can definitely see member information with a packet trace and with some time could probably figure out how to decipher the numeric data. The password to connect with did seem to have some level of encryption -- Hyperion would need to answer anything further as this is not documented.
2) The lockout mechanism depends on the user directory provider you chose. To my knowledge the native directory has not capabilities for user lockout. If you chose to use say Active Directory or another system then the those items are configured in that user directory and you would need to speak with the specific directory administration team regarding the lockout mechanisms.
Regards,
-John

Notification of password expiration trigger

I am trying to create a logon trigger that notifys users their password is about to expire. Here is a piece of the code. How would I give this notification message after logon?
SELECT trunc(expiry_date) - trunc(lv_date)
INTO v_expiry_time
FROM dba_users
WHERE username IN (SELECT USER FROM dual);
if v_expiry_time > 0 and v_expiry_time <= 10 then
/*give this message --> 'Your password will expire in ' || v_expiry_time || ' day(s).' */
end if;

I think you might have a mis-understanding about how 'grace period' and 'password lifetime' interact. Take a look at the description in the security manual, at
[http://download.oracle.com/docs/cd/B19306_01/network.102/b14266/policies.htm#i1006685]
In the example, they have a user with a password lifetime of 90 days, then it says (I've added emphasis to key parts)
"the profile assigned to johndoe includes the specification of a grace period: PASSWORD_GRACE_TIME = 3. The first time johndoe tries to log in to the database after 90 days (+*this can be any day after the 90th day*,+ that is, the 70th day, 100th day, or another day), he receives a warning message that his password will expire in three days. If three days pass, and he does not change her password, *+then+* the password expires. *+After this+*, he receives a prompt to change his password on any attempt to log in, and cannot log in until he does so."

Prime Infra 2.0 : Warning message eval license even if permanent license is installed

Hi,
Customer has installed PI 2.0 with a eval license.
Since we have installed the permanent license, he stills have a warning message that says "The license for Lifecycle and Assurance features will expire in 50 days ..."
If we go to Administration-> License -> Sumary-> License, we can see something like that:
Serial Number
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Lifecycle
97% (1 of 100 devices used)
-- Evaluation 50 days remaining
Assurance
0% (0 of 100 devices used)
-- Evaluation 50 days remaining
Collector
0% (Limit: 20 000; Avg: 0 fps)
-- Evaluation 50 days remaining
I would like to be sure that when evaluation license will expire, the permanent license will work.
Many thanks, Elisabeth

This is covered by bug ID: CSCul20922 - PI 2.0 shows evalution license after restore, wont apply new licensing and CSCuj32554 After migration to PI 2.0 old licenses are not detected.
Workarounds for PI 2.0 are:
Become root on the PI 2.0 system
If you have not enabled root from the admin login, type root_enable and provide a password for root. Press enter and confirm the password.
To become root from the admin login, type root, press enter and provide the password.
You should get the ade# prompt. Continue with the instructions below...
cd /opt/CSCOlumos/licenses
mkdir old
mv *.lic ./old
mv restored.cfg ./old
run the script /opt/CSCOlumos/bin/license_post_restore.sh if it is restored server.
From the UI, login as root and install the licenses from this interface, BASE first, then remaining licenses
Logout for licenses to take effect
Login to verify licenses are installed.
Lastly from the CLI, rm -rf /opt/CSCOlumos/licenses/old
Exit root login by typing exit, should return the Admin prompt.
If you have issues or unsure about performing the workaround, open a TAC case for assistance.

User password expiration

Hello.
It seems that passwordExpirationTime LDAP attribute doesn't work at all. I can add it to a user entry but it has no effect, no matter what value it has. Do we have to set any configuration value in order to active it? Is there any other way to achieve some kind of "user password expiration" feature?
Thank you very much.

Hi,
in respect to password aging, the following two enhancement requests are open :
on Messaging : 12093863: SUNBT4538996 PASSWORD AGING SUPPORT
on Convergence : 12251399: SUNBT6763009 CONVERGENCE LOGIN SHOULD WARN IF PASSWARD EXPIRES SOON
The above is also mentioned in the knowledge document :
Does Messaging Server Or Convergence Support Password Aging Policy ? (Doc ID 1474404.1)
On 12093863, this feature will be implemented in the messaging patch-28. There is no news available yet from the Convergence side on 12251399.
Cheers, Ben

DS 6.3 password expiration oddities

I have been exploring an upgrade from DS5.2 to DS 6.3 to take advantage of the enhanced password policies and password expiration that have never worked quite right in DS5.2.
The previous 5.2 and migrated 6.3 environments both use netgroups to restrict logins to specific systems.
This generally works very well, although I'm seeing weirdness for local system accounts.
I've explored the forums, tweaked pam.conf and nsswitch.conf in pretty much every way that's been suggested.
DS 6.3 is setup on Solaris 10, and my client systems are Solaris 8, with all of the latest necessary patches applied.
nsswitch has:
passwd: compat
group: compat
passwd_compat: ldap
group_compat: ldap
netgroup: ldap
All local and LDAP accounts can login fine if pam.conf has:
other account requisite pam_roles.so.1
other account binding pam_unix_account.so.1 server_policy
other account required pam_ldap.so.1
But no warning messages are received from the directory server for password expiration or administrative password resets.
If I change pam.conf to have:
other account requisite pam_roles.so.1
other account optional pam_ldap.so.1
other account binding pam_unix_account.so.1 server_policy
All users can login, password expiration warnings are received, and users are notified if the admin user resets their password, but (as expected) users aren't forced to reset their password on first login or resets.
Using "required" or "requisite" for pam_ldap in the above stack order, disables local account logins, as they are
prompted for LDAP passwords that they don't have.
Any combination of settings that I've tried that successfully force resets, etc. appear to disable the ability of local accounts to login - they are prompted for LDAP password, which of course fails.
If anyone can demonstrate a combination of nsswitch.conf and pam.conf settings that will actually allow local user login, but still enforce password policies and expiration warnings, for Solaris 8 clients, it would be greatly appreciated.

I'm still struggling to get password expiration and inactivation to work with DS 6.3.1 and Solaris 10 5/08. When accounts are expired or inactivated (nsAccountLock) users can still login via ssh. But when accounts are temporarily locked (pwdAccountLockedTime) ssh does the right thing and won't let them log in.
Things work properly when I have
passwd: files ldap
in nsswitch.conf, but when I go to compatibility mode:
passwd: compat
passwd_compat: ldap
ssh 'ignores' expiration and inactivation status of accounts.
Following the advice of your last comment here (4.5 years ago!) I took away all access to the 'userPassword' attribute for the proxy account, but nothing changed (I did an 'ldapsearch' as the proxy account to ensure that the aci was working as expected and denying all access to the attribute).
Would you, akillenb, or anyone, be so kind as to give any information that will let a Solaris 10 client work properly with the enhanced account management facilities of the Sun DSEE 6.3.1 LDAP server? Copies of pam.conf and nsswitch.conf and details on LDAP aci's would be most gratefully received!!!

Warning message of password expire

Similar Messages

Maybe you are looking for