HP Sentry User Manual

SENTRY User’s Guide

Section 2 - 9

Fitzgerald & Long

1. Minimum password change (days): Enter the number of days before a user is allowed to change
his existing password. For example, if UNIX has just expired a users password and the user enters a new
one, you can use this parameter to prevent the user from resetting his password to the old one for the
number of days you specify. The idea is that if the user is forced to keep the new password for several
days, he will not change it back to the older one. We recommend 5 days.

2. Maximum password change (days): Enter the number of days before a user is forced by UNIX
to change his password. Many companies use 90 days as a standard. This would allow a user to keep a
new password for 90 days before he was forced by UNIX to enter a new password. This is 90 calendar
days.

3. Password change warning (days): Enter the number of days before a new password is required
that you would like UNIX to warn the user that his password is about to expire. We recommend 5 days.

4. Maximum inactive time (days): This field is used to protect inactive logins. For example, if a user
did not use his login id for a specified number of days such as 21, UNIX would automatically expire the
password. At that time the system administrator will have to re-instate the password to allow logins for
that user id. Enter the number of days the login can remain active before it is expired. We chose 21
because we expect vacations and sick leave to be less than three weeks. Any event greater than three weeks
would be a special circumstance and we would deal with that on an individual basis.

5. Expiration date (MM/DD/YY): There may be login ids which are created for short term use such as
for auditors or seasonal employees. You may wish to enter a date when the login id will expire for these
types of users. Because this is the default screen, setting a default expiration date is not very logically
unless the entire user system is to be drastically changed on a certain date.

The last line of the screen is:

Enter field number, “F”ile or “<ESC>” to exit:

If you wish to modify any of the fields, 1 through 5, enter the number of the field you wish to change
followed by <ENTER>. After you have made changes enter “F” to file/save your changes. To exit the
program without saving any changes, enter <ESC>. You will be returned to the “System Profile
Maintenance screen.