pam.allow.password.expired.access

This configuration parameter specifies whether users who log in with an expired password should be allowed access. You can set this parameter to true or false and use it in conjunction with the pam.allow.password.change parameter to control access for users who attempt to log on with an expired password.

If this parameter is set to true, users logging on with an expired password are allowed to log on, and either prompted to change their password if the pam.allow.password.change parameter is set to true, or notified that they are not allowed to change their expired password if the pam.allow.password.change parameter is set to false.

If this parameter is set to false, users logging on with an expired password are not allowed to log on and the message defined for the pam.allow.password.expired.access.mesg parameter is displayed.

For example, to allow users with expired passwords to log on:

pam.allow.password.expired.access: true