Defines the number of weeks after maxage, that a password can be reset by the user. Rationale: The maxexpired attribute limits the number of weeks after password expiry that a password may be changed by the user.
Solution
In /etc/security/user, set the default user stanza maxexpired attribute to 4: chsec -f /etc/security/user -s default -a maxexpired=4 This means that a user can reset their password up to 4 weeks after it has expired. After this an administrative user would need to reset the password. Default Value: No limit