Managing Password Expiration
By default, the DCE security server disables logins for principals whose passwords have expired. There may be cases where you would prefer this not to happen; for instance, you probably don't want cell_admin to be locked out of the cell because of an expired password.
You can manage password expiration checking for a given principal by attaching an instance of the passwd_override ERA to the principal and specifying one of the following values:
0
(NONE) Specifies that password expiration checking for the principal should not be overridden (that is, the principal should not be permitted to log in with an
expired password.) Specifying 0 (NONE) is equivalent to not attaching an ERA instance to the principal.
1
(OVERRIDE) Specifies that password expiration checking for the principal should be overridden (that is, the principal should be permitted to log in with an expired
password.)
The following is an example of a dcecp command to create a principal and attach the passwd_override ERA:
dcecp> principal create smitty -attribute {passwd_override 1}
dcecp>
For further information on how to use dcecp to attach ERAs to principals, see Creating and Using Extended Registry Attributes.