Hi Tommi,
there can be only one active password policy on HMC. I don't know a way to set a user-based policy. It is Linux-based, not AIX ;-)
> lspwdpolicy -t s
active=0
> mkpwdpolicy -i "name=policy1,pwage=365"
> mkpwdpolicy -i "name=policy2,pwage=99999"
> lspwdpolicy -t p
active=0,name=HMC Medium Security Password Policy,description=,min_pwage=1,pwage=180,min_length=8,hist_size=10,warn_pwage=7,min_digits=0,min_uppercase_chars=1,min_lowercase_chars=6,min_special_chars=0
active=0,name=policy1,description=,min_pwage=1,pwage=365,min_length=8,hist_size=10,warn_pwage=7,min_digits=0,min_uppercase_chars=1,min_lowercase_chars=6,min_special_chars=0,inactivity_expiration=180
active=0,name=policy2,description=,min_pwage=1,pwage=99999,min_length=8,hist_size=10,warn_pwage=7,min_digits=0,min_uppercase_chars=1,min_lowercase_chars=6,min_special_chars=0,inactivity_expiration=180
> chpwdpolicy -o a -n policy1
> lspwdpolicy -t s
active=1,name=policy1
> chpwdpolicy -o a -n policy2
> lspwdpolicy -t s
active=1,name=policy2
> chpwdpolicy -o d
> lspwdpolicy -t s
active=0
------------------------------
Andrey Klyachkin
https://www.power-devops.com------------------------------
Original Message:
Sent: Thu November 04, 2021 02:29 AM
From: Tommi Sihvo
Subject: HMC password policies / exclude users
Hi,
Quick stupid question regarding mkpwdpolicy cmd;
When enabling custom policy, will it always affect ALL local users (except hscroot,hscpe&root) , or can one somehow exclude accounts out of the scope?
------------------------------
Tommi Sihvo, Lead Service Architect
TietoEVRY, Compute Services
email tommi.sihvo@tieto.com mobile +358 (0)40 5180 Finland
------------------------------