Modify The Password Interval For Old Acid In Top Secret
search cancel

Modify The Password Interval For Old Acid In Top Secret


Article ID: 9827


Updated On:


Top Secret Top Secret - LDAP


The password expiration interval (PWEXP) was changed from 30 to 60 days, but ACIDs created before this procedure maintain the previous interval, even after the user has changed the password. 


Release: TOPSEC00200-15-Top Secret-Security


When the PWEXP Top Secret control option is changed, the expiration interval has no effect on current ACIDs. It only affects new ACIDs created after the change. To change the password expiration interval for existing acids, for each ACID, issue

TSS REPLACE(acid) PASS (*,60) 

(The '*' in the command will keep the password the same as it currently is.)

A batch job can be set up to issue all the commands. The batch job should be run during off peak hours to reduce system overhead and not overload the Top Secret command processor. 

The best way to stagger the password expiration date among all the acids is to split up the TSS REPLACE(acid) PASS(*,60) commands into groups of, say, 500, and issue the commands for each group on a different day. 

Additional Information

    PWEXP - Specify a Password Expiration Interval