Hi Dhara,
The UME property ume.logon.security_policy.password_max_idle_time is applied for all users. There is no option to change it only for default users.
For the second property. It's value is used for all users that do not have a last successful date or the date is older that the configured value.
Let's consider the following settings:
ume.logon.security_policy.password_max_idle_time=30
ume.logon.security_policy.password_successful_check_default=31/1/2016
User A does not have a last successful password check date.
User B has a last successful password check date set to 15/1/2016.
User C has a last successful password chck date set to 2/2/2016.
When User A authenticates the default date 31/1/2016 will be used as his last successful password check date as he has no password check date stored. If he authenticated after 31/1/2016+30 his authentication will be rejected. If he has authenticated before that date his authentication will be successful.
When User B authneticates the default date 31/1/2016 will be used as his last succesful password check date as his password check date is older than de default. After that the behaviour will be the same as for User A.
When User C authenticates the date 2/2/2016 will be used as his last successful password check date. The authentication will succeed if it is performed before 2/2/2016 + 30.
I hope that this makes it clearer.
Best regards,
Nikolay