hulkster wrote:
> I've encountered a small problem with conflicting values of the user
> accounts minage attribute and the ADMCHG flag.
>
> On AIX 5.3 when root changes a users password the ADMCHG flag is set in
> /etc/security/passwd as it is with previous versions. However if the
> users account minage is set to say a week, when the user logs in after
> requesting a password reset for whatever reason they are prompted to
> change their password, again as you would expect.
>
> The problem is that the user is told that only root can change this
> password because the current password does not meet the minage
> requirements as illustrated below.
>
> login: bob
> bob's Password:
> [compat]: 3004-610 You are required to change your password.
> Please choose a new one.
>
> bob's New password:
> a minimum of 1 elapsed week between changes.
> 3004-320 Only the system administrator can change this password.
>
> Any one encountered this and come up with a workaround?

One thing I do sometimes, when adding a new user, is after setting the
initial password from root, I remove the ADMCHG flag for that user from
/etc/security/passwd. This allows the user to keep the initial password
until he or she feels comfortable with changing it. The slight security
risk is worth the reduced hassle when a new user is not comfortable
with logging in, and then picking a new password right away.

This might be a workaround in your case too.