Neoview User Management and Security Administration Guide (R2.5)

ManualsBrandsHP ManualsSoftwareHP Neoview Release 2.5 Software

111

112

113

114

115

116

117

118

119

120

password is changed during the logon. If date is the current date and the system grace

period is greater than zero, then a user using username is required to change the password

in order to logon.

If you do not specify a date, the date is set to the value determined by the value of

EXPIRY-DAYS last set for rolename; if EXPIRY-DAYS has never been set for rolename,

the expiration date is cleared and thus the password will not expire.

date is a double-quoted space-delimited string in the form of:

month-name day year, where

month-name

is the first three letters of the month name and is not case-sensitive. For example: JAN,

feb, Mar

day

is a one or two digit integer from 1 through 31, specifying the day of the month.

year

is a 4-digit integer to specify the year, or spaces to specify no expiration date.

An empty string clears any previous value.

NOTE: If you include a password as a parameter on the command line, then in the event of a

command syntax error, the password you entered could be logged in clear text on your client

system. To prevent a password from being exposed in this way, specify only the keyword

NEW-PASSWORD or OLD-PASSWORDand allow yourself to be prompted for the value.

Example

The following command changes the password for the platform role SUPER.SUPER. In this case

the security policy for the platform requires the user to specify the old password in order to

change the SUPER.SUPER password.

.sec alter role SUPER.SUPER, old-password Open$esam3, new-password Mum2theW@rd

The following command changes the password of the ROLE.SECMGR ID, specifies the new

password explicitly, and does not change expiration attributes. The expiration date of the new

password is set according to the current value of EXPIRY-DAYS; if the value of EXPIRY-DAYS

prior to this command was 0, the password will never expire. This example omits .sec because

NCI was already in security mode, as described in “Security Mode” (page 29). In this case, the

security policy for the platform does not require the user to specify the old password to change

the password of a database power user such as ROLE.SECMGR.

alter role ROLE.SECMGR, new-password Changed$me123

ALTER USER Command (platform users, locally authenticated database users)

This command changes the password and password-expiration attributes of a platform user or

a locally authenticated database user.

This command is available only to a user logged on as ROLE.SECMGR or ROLE.MGR:

• A user in the role ROLE.SECMGR can modify the password and password-expiration

attributes for most platform users, or of a locally authenticated database user who has the

role ROLE.SECMGR. For more information and exceptions, see “Changing a Platform User

Password” (page 106).

• A user in the role ROLE.MGR can modify the password and password-expiration attributes

of a locally authenticated database user, other than a user who has the role ROLE.SECMGR.

User Management Commands 111