not logged in | [Login]


The expiration module implements support for the Expiration attribute.

Default configuration

Processing Sections


When listed in the authorize section, the expiration module enforces the Expiration attribute. When the user’s account has a limited range of validity, the Session-Timeout attribute is updated to reflect this limited range.

If the Session-Timeout attribute already exists, the expiration module may decrease the value, but will never increase the value, of this attribute.

The format of the Expiration attribute is a date, as printed out by the date utility.

Example date $ date Thu 3 Apr 2014 13:19:52 EDT

Return codes

userlock The user’s account has expired.

noop No control:Expiration attribute was found.

ok A control:Expiration attribute was found, and the user’s account is still active.


Operates identically to the authorize section.

Available after version 3.0.4