The Change Password Attributes command provides separate parameters
for each of the QPWDxxx system values. A prompt override program is
used to prime the parameter values so that you may key over existing
values. You must have *ALLOBJ and *SECADM special authorities to use
CHGPWDA.
Note that the system values are not checked when CRTUSRPRF or
CHGUSRPRF is used. They are checked by the CHGPWD command, which is
the function used when the user must enter a new password at signon
because the old password has expired.
A typical command would be entered as:
CHGPWDA
The command prompt would appear with the current values of the
QPWDxxx system values.
The default for all the parameters is *SAME, but this is not shown
because of the prompt override program.
When the Enter key is pressed, each value passed to the Command
Processing Program is compared against the current system value. If
a difference exists, the system value is changed and a message is
sent. A summary message is sent describing how many system values
were changed and not changed.
CHGPWDA escape messages you can monitor for
--------------------------------------------
None. Escape messages from the functions this command is based on will be re-sent.
Command parameters *CMD
------------------
QPWDPWDBLK The number of days a password is blocked from
being changed. The CHGUSRPRF command does
not consider this value.
Enter *NONE if changes are allowed on the same or
any day.
Enter 1-99 for the number of days that passwords may
not be changed.
QPWDEXPITV The password expiration interval. Enter *NOMAX if
passwords should never expire.
If passwords should expire in a number of days from
the last change, enter the number of days in a range
of 1 - 366.
If a password has expired, the user will be forced
to change to a new password at signon.
A change to this system value takes effect
immediately. The shipped value is *NOMAX.
The default value is *SAME, but the current value
will be displayed by use of a prompt override
program.
QPWDEXPWRN The password expiration warning days. A message
will be sent if the user signs on and has not
changed his password within the number of days
specified. A value of 1-99 may be entered.
QPWDLMTAJC Limit adjacent digits in the password. Enter '0' if
adjacent digits are allowed.
Enter '1' if adjacent digits are not allowed. For
example, a password of A11 or A1223 would be
invalid, but A123 would be valid.
A change to this system value takes effect
immediately. The shipped value is '0'.
The default value is *SAME, but the current value
will be displayed by use of a prompt override
program.
QPWDLMTCHR Limit characters in the password. Enter '*NONE' if
any character values are allowed in a password.
Enter a string of up to 10 characters that are
considered invalid in a password. For example, if
'AB' is entered, a password of ABC, or ACD, or BCD
would be invalid.
A typical use of this parameter would be to prevent
vowels (A,E,I,O,U,Y) or special characters (such as
@,#,$) from being valid.
A change to this system value takes effect
immediately. The shipped value is *NONE.
The default value is *SAME, but the current value
will be displayed by use of a prompt override
program.
QPWDLMTREP Limit repeated characters. Enter '0' if repeated
characters are allowed.
Enter '1' if repeated characters (anywhere in the
password) are not allowed. For example, a password
of ABA or AABC would be invalid because the
character A is repeated. This prevents words like
APPLE or SYSTEM from being valid because one of the
characters is repeated.
Enter '2' if consecutive repeated characters are not
allowed. For example, a password of AAA or ABBC
would be invalid, but ABC would be valid. This
prevents words like APPLE, but allows a word like
SYSTEM.
A change to this system value takes effect
immediately. The shipped value is '0'.
The default value is *SAME, but the current value
will be displayed by use of a prompt override
program.
QPWDMINLEN Minimum length of the password. Enter the minimum
length of the password that may be entered.
A change to this system value takes effect
immediately. The shipped value is 6.
The default value is *SAME, but the current value
will be displayed by use of a prompt override
program.
QPWDMAXLEN Maximum length of the password. Enter the maximum
length of the password that may be entered. The
maximum for the system is 10, but some other systems
only allow 8.
A change to this system value takes effect
immediately. The shipped value is 8.
The default value is *SAME, but the current value
will be displayed by use of a prompt override
program.
QPWDPOSDIF Limit password character positions. Enter '0' to
allow the same character to be used in the same
position as in the old password.
Enter '1' to require that a new password not use the
same character in the same position. For example,
if the current password is ABC, the new password
cannot be ACB because the character A is in the same
position 1 of both passwords. The values BAC or CBA
would also be invalid. The values BCA or CAB would
be valid.
Limiting the character positions can make changes
from a password such as APPLE to a totally different
value such as PRUNE invalid (E is in the same
position), but it will also prevent trivial changes
such as APPLE1 to APPLE2.
A change to this system value takes effect
immediately. The shipped value is '0'.
The default value is *SAME, but the current value
will be displayed by use of a prompt override
program.
QPWDRQDDGT Require a digit. Enter '0' if no digits are
required.
Enter '1' if at least one digit is required. For
example, ABC would be invalid, but ABC1, A1BC, or
A12BC would be valid.
A change to this system value takes effect
immediately. The shipped value is '0'.
The default value is *SAME, but the current value
will be displayed by use of a prompt override
program.
QPWDRQDDIF Duplicate password control (Require different
passwords). Enter '0' if passwords used previously
for a user are allowed to be re-used. For example,
if the user's first password is APPLE and then is
changed to FOUNTAIN, the user can re-use APPLE the
next time a password is changed.
The following values may be entered to prevent
re-use of an old password previously used by a user:
1 = Cannot be the same as the last 32 passwords
2 = Cannot be the same as the last 24 passwords
3 = Cannot be the same as the last 18 passwords
4 = Cannot be the same as the last 12 passwords
5 = Cannot be the same as the last 10 passwords
6 = Cannot be the same as the last 8 passwords
7 = Cannot be the same as the last 6 passwords
8 = Cannot be the same as the last 4 passwords
The default value is *SAME, but the current value
will be displayed by use of a prompt override
program.
QPWDVLDPGM Password validation program. *NONE is the default
meaning there is no password validation program.
A password validation program and library may be
entered to allow a user program to process the
proposed new password. For example, you might want
to enforce your own password validation rules or
prevent 'blue' words from being used.
Both the program and library name must be entered
and the program must exist. For an example of how
to write a password validation program, use DSPTAA
of the TAASECCC2 program.
A change to this system value takes effect
immediately. The shipped value is *NONE.
The default value is *SAME, but the current value
will be displayed by use of a prompt override
program.
QPWDLVL Password level.
0 = Password lengths are 1 - 10.
1 = Password lengths are 1 - 10. i5/OS NetServer
passwords for Windows 95/98/ME clients will be
removed from the system.
2 = Password lengths are 1 - 128.
3 = Password lengths are 1 - 128. i5/OS NetServer
passwords for Windows 95/98/ME clients will be
removed from the system.
A change to this system value takes effect at the
next IPL. To see the pending value (if one exists),
use DSPSECA. The shipped value is 0.
The default value is *SAME, but the current value
will be displayed by use of a prompt override
program.
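The composition rules above can be modelled offline to see which system value rejects a candidate password before a policy is rolled out. The following Python code is an added example, not part of the TAA tool or the operating system: the PwdRules and violations names are hypothetical, only QPWDMINLEN, QPWDMAXLEN, QPWDLMTCHR, QPWDLMTREP, QPWDPOSDIF and QPWDRQDDGT are covered as described on this page, and upper-case passwords are assumed as in the examples.

```python
from dataclasses import dataclass

DIGITS = "0123456789"

@dataclass
class PwdRules:
    """Hypothetical holder for a subset of the QPWDxxx values (shipped defaults)."""
    minlen: int = 6     # QPWDMINLEN
    maxlen: int = 8     # QPWDMAXLEN
    lmtchr: str = ""    # QPWDLMTCHR; empty string stands for *NONE
    lmtrep: str = "0"   # QPWDLMTREP: '0', '1' or '2'
    posdif: str = "0"   # QPWDPOSDIF: '0' or '1'
    rqddgt: str = "0"   # QPWDRQDDGT: '0' or '1'

def violations(new, old, rules):
    """Return the names of the system values that reject `new`."""
    failed = []
    if len(new) < rules.minlen:
        failed.append("QPWDMINLEN")
    if len(new) > rules.maxlen:
        failed.append("QPWDMAXLEN")
    # Any listed character anywhere in the password is a violation.
    if any(c in rules.lmtchr for c in new):
        failed.append("QPWDLMTCHR")
    # '1': no character may occur twice; '2': only consecutive repeats fail.
    if rules.lmtrep == "1" and len(set(new)) < len(new):
        failed.append("QPWDLMTREP")
    elif rules.lmtrep == "2" and any(a == b for a, b in zip(new, new[1:])):
        failed.append("QPWDLMTREP")
    # Compare position by position with the old password.
    if rules.posdif == "1" and any(a == b for a, b in zip(new, old)):
        failed.append("QPWDPOSDIF")
    if rules.rqddgt == "1" and not any(c in DIGITS for c in new):
        failed.append("QPWDRQDDGT")
    return failed

if __name__ == "__main__":
    # Constructed policy and candidates, reusing words from the text above.
    policy = PwdRules(minlen=5, lmtchr="@#$", lmtrep="2", posdif="1", rqddgt="1")
    for candidate in ("PRUNE", "APPLE2", "SYSTEM9", "MANGO7"):
        print(candidate, violations(candidate, "APPLE1", policy) or "accepted")
```
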
Restrictions
------------
You must have *ALLOBJ and *SECADM special authorities to use CHGPWDA.
The system values are not used for CRTUSRPRF or CHGUSRPRF.
The QPWDRULES system value is not supported.
Prerequisites
-------------
The following TAA Tools must be on your system:
CHKALLOBJ Check *ALLOBJ special authority
CHKOBJ3 Check object 3
CHKSECADM Check *SECADM special authority
EDTVAR Edit variable
SNDCOMPMSG Send completion message
SNDESCMSG Send escape message
Implementation
--------------
None, the tool is ready to use.
Objects used by the tool
------------------------
Object      Type    Attribute   Src member   Src file
------      ----    ---------   ----------   ----------
CHGPWDA     *CMD                TAASEEW      QATTCMD
TAASEEWC    *PGM    CLP         TAASEEWC     QATTCL
TAASEEWC2   *PGM    CLP         TAASEEWC2    QATTCL
TAASEEWC2 is the prompt override program.