Kunal's answer is correct, but what is it that you want to happen to the user when the 90 days are over?

login/password_expiration_time will only determine that at the next login after the 90 days since last change (whenever that may be...), the user will be prompted to change their password.

Also of interest to you might be login/password_max_idle_productive which will determine that after ??? days (typically more than the value of login/password_expiration_time makes sense) of not using (and therefore not changing) the user's password, the user will not be able to logon to the system using a password as authentication. That is different to only having to change the password after... lets say 365 days.

You can also independently of the above params control the "lifetime" of initial (first) and reset (by administrator) passwords which the user has not changed to their own yet, in other words they have not used the password for ??? days as means to authenticate.

Cheers,

Julius

Edited by: Julius Bussche on Apr 18, 2008 12:05 PM