Set password to expired

The Set password to expired field allows a security administrator to indicate in the user profile that the user’s password is expired and must be changed the next time the user signs on.

Add User prompt:
Not shown
CL parameter:

This value is reset to *NO when the password is changed. You can change the password by using either the CHGPWD or CHGUSRPRF command, or the QSYCHGPW API, or as part of the next sign-on process.

This field can be used when a user cannot remember the password and a security administrator must assign a new one. Requiring the user to change the password assigned by the security administrator prevents the security administrator from knowing the new password and signing on as the user.

When a user’s password has expired, the user receives a message at sign-on (see Password expiration interval). The user can either press the Enter key to assign a new password or press F3 (Exit) to cancel the sign-on attempt without assigning a new password. If the user chooses to change the password, the Change Password display is shown and password validation is run for the new password.

Figure 1. Password expiration message
                             Sign-on Information
Password has expired.  Password must be changed to continue sign-on
Previous sign-on . . . . . . . . . . . . . :   10/30/91  14:15:00
Table 1. Possible values for PWDEXP:
Value Description
*NO: The password is not set to expired.
*YES: The password is set to expired.

Recommendations: Set the password to expired whenever you create a new user profile or assign a temporary password to a user.