HP OpenVMS Guide to System Security: OpenVMS Version 8.4 > Chapter 3 Using the System Responsibly
Your system manager can set up your account so that your password, or the account itself, expires automatically on a particular date and time. Password expiration times promote system security by forcing you to change your password on a regular basis. Account expiration times help to ensure that accounts are available only for as long as they are needed.
As you approach the expiration time of your password, you receive an advance warning message. The message first appears 5 days before the expiration date and at each subsequent login. The message appears immediately below the new mail message and sounds the bell character on your terminal to attract your attention. The message indicates that your password is expiring, as follows:
The system prompts you for a new password or, if automatic password generation is enabled, asks you to select a new password from those listed (see “Using Generated Passwords”). You can abort the login by pressing Ctrl/Y. At your next login attempt, the system again prompts you to change your password.
If secondary passwords are in effect for your account (see “Knowing What Type of Password to Use”), the secondary password may expire at the same time as the primary one. You are prompted to change both passwords. If you change the primary password and press Ctrl/Y before changing the secondary password, the login fails. The system does not record a password change.
If you need your account for a specific purpose for a limited time only, the person who creates your account may specify a period of time after which the account lapses. For example, student accounts at universities are typically authorized for a single semester at a time.
The system automatically denies access to expired accounts. You receive no advance warning message before the account expiration date, so it is important to know in advance your account duration. The account expiration resides in the UAF record, which can be accessed and displayed only through the use of the Authorize utility (AUTHORIZE) by users with the SYSPRV privilege or equivalent---normally, your system manager or security administrator.