Neoview User Management and Security Administration Guide (R2.5)
NOTE: The ALTER PASSWORD command described in “ALTER PASSWORD Command
(platform users, locally authenticated database users)” (page 108) lets any platform user or locally
authenticated database user change his or her own password. However, if the user's password
has expired and no grace period is configured in the security policy, only a user with the role
ROLE.SECMGR (in the case of a platform user or a ROLE.SECMGR user) or ROLE.MGR (in the
case of a database user other than a ROLE.SECMGR) can change the password for the user, using
the command described here.
Syntax
[.SEC] ALTER USER [username] {,PASSWORD [password],EXPIRY-DAYS [days],EXPIRY-DATE [date]}
Parameters
• username is the user name for an existing platform user or locally authenticated database
user. This is a required input parameter.
• password is the new password to be assigned and must comply with the password quality
criteria specified in the current system security policy (described in “Viewing and Updating
the Password Quality and Control Policies” (page 44)). If you include the keyword but omit
the value, NCI prompts you for the password, asks you to confirm the value by entering it
for a second time, and does not echo your input to the screen.
NOTE: NCI allows you to enter a password of up to 64 bytes in length. However, a
password of this length might or might not enable the user to log on later. The maximum
length of a valid password is dependent on the security policies configured on your Neoview
platform:
— If the platform is configured to use 1024-bit keys, the limit is 53 characters.
— If the platform is configured to use 2048-bit keys, the limit is 64 characters.
— If the security policy requires the user to enter both his or her individual password and
the role password in order to log on, the maximum total length of the two passwords
together is 52 bytes in the case of 1024-bit encryption and 128 bytes in the case of 2048-bit
encryption.
NOTE: If you include a password as a parameter on the command line, then in the event
of a command syntax error, the password you entered could be logged in clear text on your
client system. To prevent a password from being exposed in this way, specify only the
keyword PASSWORD and allow yourself to be prompted for the value.
• days is the number of days, from the time the password is changed, after which it expires.
Any integer value is valid. If you omit this parameter, it retains its previous value.
• date is the date on which the password expires. After this date, whether the user can
continue to log on depends on whether the security policy provides for a grace period.
If you do not specify a date, the date is determined by the EXPIRY-DAYS value last set
for username; if EXPIRY-DAYS has never been set for username, the expiration date is
cleared and thus the password will not expire.
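The two password NOTEs above, as an added example that is not part of the guide or of NCI: a Python pre-submission check that flags an inline password in an ALTER USER command, redacts it, and tests its length against the key-size limits. The concrete command form, the name lint_alter_user, the role_password_len parameter and byte-based length counting are assumptions; the sample commands are constructed.

```python
import re

# Limits quoted in the NOTE above, keyed by the platform's key size in bits.
SINGLE_MAX = {1024: 53, 2048: 64}     # one password
COMBINED_MAX = {1024: 52, 2048: 128}  # user password + role password together

# Assumed concrete form of the syntax line: optional ".SEC" prefix, then
# comma-separated "KEYWORD [value]" clauses; values contain no commas.
CMD = re.compile(r"^\s*(?:\.SEC\s+)?ALTER\s+USER\s+\S", re.I)
CLAUSE = re.compile(r",\s*(PASSWORD|EXPIRY-DAYS|EXPIRY-DATE)\b[ \t]*([^,]*)", re.I)

def lint_alter_user(line, key_bits, role_password_len=None):
    """Return (redacted_line, findings) for one ALTER USER command line."""
    if not CMD.match(line):
        return line, ["not an ALTER USER command"]
    findings = []

    def check(m):
        keyword, value = m.group(1), m.group(2).strip()
        if keyword.upper() != "PASSWORD" or not value:
            return m.group(0)  # bare PASSWORD keyword: NCI prompts, nothing exposed
        findings.append("inline password: give only the PASSWORD keyword and let NCI prompt")
        n = len(value.encode("utf-8"))  # assumption: limits counted in UTF-8 bytes
        if n > SINGLE_MAX[key_bits]:
            findings.append(f"password is {n} bytes; limit with {key_bits}-bit keys "
                            f"is {SINGLE_MAX[key_bits]}")
        if role_password_len is not None and n + role_password_len > COMBINED_MAX[key_bits]:
            findings.append(f"user + role passwords total {n + role_password_len} bytes; "
                            f"limit with {key_bits}-bit keys is {COMBINED_MAX[key_bits]}")
        return f",{keyword} <redacted>"  # safe to store or display

    return CLAUSE.sub(check, line), findings

if __name__ == "__main__":
    # Constructed sample commands, not taken from a real system.
    samples = [
        ".SEC ALTER USER jsmith ,PASSWORD ,EXPIRY-DAYS 90",        # prompts: clean
        "ALTER USER jsmith ,PASSWORD Tr1ckyPass!,EXPIRY-DAYS 90",  # inline value
        "ALTER USER jsmith ,PASSWORD " + "A" * 60,                 # too long at 1024 bits
    ]
    for s in samples:
        redacted, findings = lint_alter_user(s, key_bits=1024)
        print(redacted, findings)
```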