I have a ERP system being implemented some few years ago. Now, we want to apply some password policy (e.g. length of the password, format and etc)
One of the requirements was to force the users to change their passwords after 90 days.
What I have tried was...
- Set login/password_max_idle_productive = 90
- Set login/password_max_idle_initial = 90
What the system does was...
- Straight away block any further logon attempt (stating that the account was blocked)
- Don't allow user to logon or change password at all
- Why the blocking? As all the passwords were long expired as the accounts were created long time ago (> 90 days)
- How can I go around on this to apply for the 90 days policy but still allow the users to change the password first?
- I don't want the system to block the logon straight away after applying the parameter changes