ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvconfigsysseccmd.htm

192 lines
9.6 KiB
HTML
Raw Permalink Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Values set by the Configure System Security command" />
<meta name="abstract" content="This table lists the system values that are set when you run the CFGSYSSEC command. The CFGSYSSEC command runs a program that is called QSYS/QSECCFGS." />
<meta name="description" content="This table lists the system values that are set when you run the CFGSYSSEC command. The CFGSYSSEC command runs a program that is called QSYS/QSECCFGS." />
<meta name="DC.Relation" scheme="URI" content="rzamvtoolsecurity.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvconfigsysseccust.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="configsysseccmd" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Values set by the Configure System Security command</title>
</head>
<body id="configsysseccmd"><a name="configsysseccmd"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Values set by the Configure System Security command</h1>
<div><p>This table lists the system values that are set when you run the
CFGSYSSEC command. The CFGSYSSEC command runs a program that is called QSYS/QSECCFGS.</p>
<div class="section"><h4 class="sectiontitle">Values set by the CFGSYSSEC command</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 1. Values
set by the CFGSYSSEC command</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e24">System value names</th>
<th valign="bottom" id="d0e26">Setting</th>
<th valign="bottom" id="d0e28">System value description</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e24 ">QALWOBJRST</td>
<td valign="top" headers="d0e26 ">*NONE</td>
<td valign="top" headers="d0e28 ">Whether system state programs and programs that adopt
authority can be restored</td>
</tr>
<tr><td valign="top" headers="d0e24 ">QAUTOCFG</td>
<td valign="top" headers="d0e26 ">0 (No)</td>
<td valign="top" headers="d0e28 ">Automatic configuration of new devices</td>
</tr>
<tr><td valign="top" headers="d0e24 ">QAUTOVRT</td>
<td valign="top" headers="d0e26 ">0</td>
<td valign="top" headers="d0e28 ">The number of virtual device descriptions that the system
will automatically create if no device is available for use.</td>
</tr>
<tr><td valign="top" headers="d0e24 ">QDEVRCYACN</td>
<td valign="top" headers="d0e26 ">*DSCMSG (Disconnect with message)</td>
<td valign="top" headers="d0e28 ">System action when communications is re-established</td>
</tr>
<tr><td valign="top" headers="d0e24 ">QDSCJOBITV</td>
<td valign="top" headers="d0e26 ">120</td>
<td valign="top" headers="d0e28 ">Time period before the system takes action on a disconnected
job</td>
</tr>
<tr><td valign="top" headers="d0e24 ">QDSPSGNINF</td>
<td valign="top" headers="d0e26 ">1 (Yes)</td>
<td valign="top" headers="d0e28 ">Whether users see the sign-on information display</td>
</tr>
<tr><td valign="top" headers="d0e24 ">QINACTITV</td>
<td valign="top" headers="d0e26 ">60</td>
<td valign="top" headers="d0e28 ">Time period before the system takes action on an inactive
interactive job</td>
</tr>
<tr><td valign="top" headers="d0e24 ">QINACTMSGQ</td>
<td valign="top" headers="d0e26 ">*ENDJOB</td>
<td valign="top" headers="d0e28 ">Action that the system takes for an inactive job</td>
</tr>
<tr><td valign="top" headers="d0e24 ">QLMTDEVSSN</td>
<td valign="top" headers="d0e26 ">1 (Yes)</td>
<td valign="top" headers="d0e28 ">Whether users are limited to signing on at one device
at a time</td>
</tr>
<tr><td valign="top" headers="d0e24 ">QLMTSECOFR</td>
<td valign="top" headers="d0e26 ">1 (Yes)</td>
<td valign="top" headers="d0e28 ">Whether *ALLOBJ and *SERVICE users are limited to specific
devices</td>
</tr>
<tr><td valign="top" headers="d0e24 ">QMAXSIGN</td>
<td valign="top" headers="d0e26 ">3</td>
<td valign="top" headers="d0e28 ">How many consecutive, unsuccessful sign-on attempts
are allowed</td>
</tr>
<tr><td valign="top" headers="d0e24 ">QMAXSGNACN</td>
<td valign="top" headers="d0e26 ">3 (Both)</td>
<td valign="top" headers="d0e28 ">Whether the system disables the workstation or the user
profile when the QMAXSIGN limit is reached.</td>
</tr>
<tr><td valign="top" headers="d0e24 ">QRMTSIGN</td>
<td valign="top" headers="d0e26 ">*FRCSIGNON</td>
<td valign="top" headers="d0e28 ">How the system handles a remote (pass-through or TELNET)
sign-on attempt.</td>
</tr>
<tr><td valign="top" headers="d0e24 ">QRMTSVRATR</td>
<td valign="top" headers="d0e26 ">0 (Off)</td>
<td valign="top" headers="d0e28 ">Allows the system to be analyzed remotely.</td>
</tr>
<tr><td valign="top" headers="d0e24 ">QSECURITY</td>
<td valign="top" headers="d0e26 ">50</td>
<td valign="top" headers="d0e28 ">The level of security that is enforced</td>
</tr>
<tr><td valign="top" headers="d0e24 ">QVFYOBJRST</td>
<td valign="top" headers="d0e26 ">3 (Verify signatures on restore)</td>
<td valign="top" headers="d0e28 ">Verify object on restore</td>
</tr>
<tr><td valign="top" headers="d0e24 ">QPWDEXPITV</td>
<td valign="top" headers="d0e26 ">60</td>
<td valign="top" headers="d0e28 ">How often users must change their passwords</td>
</tr>
<tr><td valign="top" headers="d0e24 ">QPWDMINLEN</td>
<td valign="top" headers="d0e26 ">6</td>
<td valign="top" headers="d0e28 ">Minimum length for passwords</td>
</tr>
<tr><td valign="top" headers="d0e24 ">QPWDMAXLEN</td>
<td valign="top" headers="d0e26 ">8</td>
<td valign="top" headers="d0e28 ">Maximum length for passwords</td>
</tr>
<tr><td valign="top" headers="d0e24 ">QPWDPOSDIF</td>
<td valign="top" headers="d0e26 ">1 (Yes)</td>
<td valign="top" headers="d0e28 ">Whether every position in a new password must differ
from the same position in the last password</td>
</tr>
<tr><td valign="top" headers="d0e24 ">QPWDLMTCHR</td>
<td valign="top" headers="d0e26 ">&nbsp;</td>
<td valign="top" headers="d0e28 ">Characters that are not allowed in passwords</td>
</tr>
<tr><td valign="top" headers="d0e24 ">QPWDLMTAJC</td>
<td valign="top" headers="d0e26 ">1 (Yes)</td>
<td valign="top" headers="d0e28 ">Whether adjacent numbers are prohibited in passwords</td>
</tr>
<tr><td valign="top" headers="d0e24 ">QPWDLMTREP</td>
<td valign="top" headers="d0e26 ">2 (Cannot be repeated consecutively)</td>
<td valign="top" headers="d0e28 ">Whether repeating characters in are prohibited in passwords</td>
</tr>
<tr><td valign="top" headers="d0e24 ">QPWDRQDDGT</td>
<td valign="top" headers="d0e26 ">1 (Yes)</td>
<td valign="top" headers="d0e28 ">Whether passwords must have at least one number</td>
</tr>
<tr><td valign="top" headers="d0e24 ">QPWDRQDDIF</td>
<td valign="top" headers="d0e26 ">1 (32 unique passwords)</td>
<td valign="top" headers="d0e28 ">How many unique passwords are required before a password
can be repeated</td>
</tr>
<tr><td valign="top" headers="d0e24 ">QPWDVLDPGM</td>
<td valign="top" headers="d0e26 ">*NONE</td>
<td valign="top" headers="d0e28 ">The user exit program that the system calls to validate
passwords</td>
</tr>
<tr><td colspan="3" valign="top" headers="d0e24 d0e26 d0e28 "><div class="note"><span class="notetitle">Note:</span> <ol><li>The restricted characters are stored in message ID CPXB302 in the message
file QSYS/QCPFMSG. They are shipped as AEIOU@$#. You can use the Change Message
Description (CHGMSGD) command to change the restricted characters. The QPWDLMTCHR
system value is not enforced at password levels 2 or 3.</li>
</ol>
</div>
</td>
</tr>
</tbody>
</table>
</div>
<div class="p">The CFGSYSSEC command also sets the password to *NONE for the following
IBM-supplied user profiles:<ul><li>QSYSOPR</li>
<li>QPGMR</li>
<li>QUSER</li>
<li>QSRV</li>
<li>QSRVBAS</li>
</ul>
Finally, the CFGSYSSEC command sets up security auditing using the Change
Security Auditing (CHGSECAUD) command. The CFGSYSSEC command turns on action
and object auditing and also, specifies the default set of actions to audit
on the CHGSECAUD command.</div>
</div>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzamvconfigsysseccust.htm">Customize the program</a></strong><br />
If some of these settings are not appropriate for your installation, you can create your own version of the program that processes the command.</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvtoolsecurity.htm" title="This information describes how to set up your system to use the security tools that are part of i5/OS.">Configure the system to use security tools</a></div>
</div>
</div>
</body>
</html>