Help for Modify Password Parameters 

This window lets you view or modify a user's password parameters and override 
those default selections made in the Set Default Password Parameters window.  

This window has text input fields that, the first time you view this window, 
contain system default values.  These default values should reflect the 
password parameters you want most users to obey.  If you enter other values 
in these text input fields, those values are displayed the next time you view 
this window.  

Password Parameter Text Input Fields 

Each text input field has a default button followed by a number in 
parentheses.  The number in parentheses is the system default value.  If the 
default button is highlighted, the text input field also contains the system 
default value.  As with other account windows, the default button indicates 
whether or not the system default value is being used.  

When you begin typing a number into the text input field, the default button 
is deselected (unhighlighted).  This indicates that an explicit setting, not 
the system default, is being used.  You can enter the current default value 
by clicking on the default number shown in parentheses.  This places the 
number in the text input field.  

If you want this entry to reflect the system default were it to change, then 
click on the default button to highlight it.  If you want to explicitly 
select the default value but not necessarily use the default if it changes, 
then deselect the default button.  

Enter any number from 0 to 80 for the Maximum password length, and any number 
from 0 to 999 for the remaining text input fields.  A 0 (zero) indicates that 
no value is set.  Use the mouse or the Tab and Shift-Tab keys to move between 
text input fields.  

The Minimum Change Time (weeks) is the minimum number of weeks that must 
elapse before a user may change his password again.  The Minimum Change Time 
(weeks) entry must be less than the Password Expiration Time (weeks) entry.  
A value of 0 means a user can change his password at any time.  

The Password Expiration Time (weeks) is the number of weeks between the time 
the password was last changed until it expires and must be changed.  If this 
value is exceeded, the user's account is locked and remains locked until you 
explicitly Unlock the account.  The Password Expiration Time (weeks) entry 
must be less than the Password Lifetime (weeks) entry.  A value of 0 means 
that no password expiration time is set.  

The Password Lifetime (weeks) is the maximum number of weeks the password is 
valid.  If the user does not change his password before this time elapses, 
then the account is retired.  When an account is retired it is removed from 
the system and cannot be retrieved.  A value of 0 means that no password 
lifetime is set.  

There is not an Expiration Warning (days) entry for individual users.  The 
system default Expiration Warning (days) value applies to all users.  If the 
global Expiration Warning (days) entry is less than the Password Expiration 
Time set on this window, the user is informed that his or her password is due 
to expire when he or she attempts a login.  

The Maximum Password Length (chars) is the maximum number of characters 
allowed in a user password.  The actual maximum is system dependent and is 
stored in the AUTH_MAX_PASSWD_LENGTH variable in the /usr/include/prot.h 
file.  A value of 0 (zero) means the password can be any length.  A 
12-character password is recommended.  

Password Parameter Set and Default Buttons 

Each password parameter in the lower half of this window contains two 
buttons, a Set (for set or setting) button and a Dflt (for default) button.  

The set button is highlighted when a password parameter applies to the user 
whose account you are modifying.  The default button is highlighted when the 
password parameter uses the system default value for that user.  

To apply a password parameter to a user, highlight (select) that parameter's 
set button.  To ignore a password parameter for a user, unhighlight 
(deselect) that parameter's set button.  Whenever you change the set button, 
the software automatically deselects (unhighlights) the default button to 
indicate that an explicit setting has been made.  

To insure that a password parameter ALWAYS applies to a user, click on the 
parameter's set button to highlight it and make sure the default button is 
deselected (unhighlighted).  The highlighted set button signifies that the 
password parameter applies to that user and the unhighlighted default button 
signifies that the setting applies regardless of the system default value.  

To insure that a password parameter NEVER applies to a user, deselect that 
parameter's set button to unhighlight it and make sure that the default 
button is also deselected (unhighlighted).  The highlighted set button 
signifies that the password parameter does not apply to that user and the 
unhighlighted default button signifies that the current setting is used 
regardless of the system default value.  

You can set any of the following password parameters to use or override the 
system defaults.  

Password Required lets you select whether or not a password is required for 
this user.  It is recommended that you require passwords for each user.  

User Can Choose Own Password lets you select whether or not this user can 
select his or her own password.  

If System Generates Password is set, then this user is given the option of 
choosing a system-generated password consisting of a "pronounceable" 
non-English word.  Most security-conscious sites require that the system 
generate passwords.  

If you allow this user to choose their own passwords and have system 
generated passwords, then he or she can set his or her own password or use a 
system-generated password.  

If Random Password of Chars is set, then this user is given the option of 
choosing a system-generated password consisting of syllables and/or random 
characters, including punctuation marks, numbers, and letters.  

If Random Password of Letters is set, then this user is given the option of 
choosing a system-generated password consisting of random letters.  

If Perform Triviality Checks is set, it tells the software to perform 
traditional UNIX triviality checks on this user's passwords.  This is not 
necessary if you use long, system-generated passwords.  Triviality checks 
substantially increase the time required to change a password.  

You may cancel the window at any time by selecting the "Cancel" button.  
Selecting the "OK" button brings up a confirmation box so that you can 
confirm your actions.  
