Password Expiration Date
The password expiration date sets the exact date on which account passwords for a specific organization or for the registry as a whole expire.
Generally, DCE security disables login for users whose passwords have expired.mechanism It is possible, however, to override this policy for a user such as cell_admin in order to prevent the cell administrator from being locked out of the system by an expired password. You do this by attaching an instance of the passwd_override ERA to the principal. See Creating and Maintaining Principals, Groups, and Organizations for information on how to do this.
You define the password expiration date as the dcecp pwdexpdate attribute in the following form:
pwdexpdate {date | none}
where date is the date the password expires in yyyy-mm-dd format, and none specifies that the password has no expiration date.
You can also set a period of time after which a password expires with the password lifespan policy (pwdlife attribute).