78 lines
5.1 KiB
HTML
78 lines
5.1 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
|||
|
|
<!DOCTYPE html
|
|||
|
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|||
|
|
<html lang="en-us" xml:lang="en-us">
|
|||
|
|
<head>
|
|||
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|||
|
|
<meta name="security" content="public" />
|
|||
|
|
<meta name="Robots" content="index,follow" />
|
|||
|
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|||
|
|
<meta name="DC.Type" content="concept" />
|
|||
|
|
<meta name="DC.Title" content="Plan password level changes" />
|
|||
|
|
<meta name="abstract" content="Operations with other systems may fail or users may not be able to sign on to the system if you haven’t planned for the password level change adequately." />
|
|||
|
|
<meta name="description" content="Operations with other systems may fail or users may not be able to sign on to the system if you haven’t planned for the password level change adequately." />
|
|||
|
|
<meta name="DC.Relation" scheme="URI" content="rzamvpwdlvl.htm" />
|
|||
|
|
<meta name="DC.Relation" scheme="URI" content="rzamvqpwdlvlone.htm" />
|
|||
|
|
<meta name="DC.Relation" scheme="URI" content="rzamvqpwdlvltwo.htm" />
|
|||
|
|
<meta name="DC.Relation" scheme="URI" content="rzamvqpwdlvlthree.htm" />
|
|||
|
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
|
|||
|
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
|
|||
|
|
<meta name="DC.Format" content="XHTML" />
|
|||
|
|
<meta name="DC.Identifier" content="passwdlvlchg" />
|
|||
|
|
<meta name="DC.Language" content="en-us" />
|
|||
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|||
|
|
<!-- US Government Users Restricted Rights -->
|
|||
|
|
<!-- Use, duplication or disclosure restricted by -->
|
|||
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|||
|
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
|||
|
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
|||
|
|
<title>Plan password level changes</title>
|
|||
|
|
</head>
|
|||
|
|
<body id="passwdlvlchg"><a name="passwdlvlchg"><!-- --></a>
|
|||
|
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
|||
|
|
<h1 class="topictitle1">Plan password level changes</h1>
|
|||
|
|
<div><p>Operations with other systems may fail or users may not be able
|
|||
|
|
to sign on to the system if you haven’t planned for the password level change
|
|||
|
|
adequately.</p>
|
|||
|
|
<p>Changing password levels should be planned carefully. Prior to changing
|
|||
|
|
the QPWDLVL system value, make sure you have saved your security data using
|
|||
|
|
the SAVSECDTA or SAVSYS command. If you have a current backup, you will be
|
|||
|
|
able to reset the passwords for all users’ profiles if you need to return
|
|||
|
|
to a lower password level.</p>
|
|||
|
|
<p>Products that you use on the system and on clients with which the system
|
|||
|
|
interfaces, may have problems when the password level (QPWDLVL) system value
|
|||
|
|
is set to 2 or 3. Any product or client that sends passwords to the system
|
|||
|
|
in an encrypted form, rather than in the clear text a user enters on a signon
|
|||
|
|
screen, must be upgraded to work with the new password encryption rules for
|
|||
|
|
QPWDLVL 2 or 3. Sending the encrypted password is known as password substitution.</p>
|
|||
|
|
<p>Password substitution is used to prevent a password from being captured
|
|||
|
|
during transmission over a network. Password substitutions generated by older
|
|||
|
|
clients that do not support the new algorithm for QPWDLVL 2 or 3, even if
|
|||
|
|
the specific characters are correct, will not be accepted. This also applies
|
|||
|
|
to any iSeries™ to iSeries peer
|
|||
|
|
access which utilizes the encrypted values to authenticate from one system
|
|||
|
|
to another.</p>
|
|||
|
|
<p>The problem is compounded by the fact that some affected products, such
|
|||
|
|
as Java™ Toolbox,
|
|||
|
|
are provided as middle-ware. A third party product that incorporates a prior
|
|||
|
|
version of one of these products will not work correctly until rebuilt using
|
|||
|
|
an updated version of the middle-ware. Given this and other scenarios, it
|
|||
|
|
is easy to see why careful planning is necessary before changing the QPWDLVL
|
|||
|
|
system value.</p>
|
|||
|
|
</div>
|
|||
|
|
<div>
|
|||
|
|
<ul class="ullinks">
|
|||
|
|
<li class="ulchildlink"><strong><a href="rzamvqpwdlvlone.htm">Considerations for changing QPWDLVL from 0 to 1</a></strong><br />
|
|||
|
|
Keep these items in mind as you consider changing your password level.</li>
|
|||
|
|
<li class="ulchildlink"><strong><a href="rzamvqpwdlvltwo.htm">Considerations for changing QPWDLVL from 0 or 1 to 2</a></strong><br />
|
|||
|
|
Password level 2 introduces the use of case sensitive passwords up to 128 characters in length, also called passphrases, and provides the maximum ability to revert back to QPWDLVL 0 or 1.</li>
|
|||
|
|
<li class="ulchildlink"><strong><a href="rzamvqpwdlvlthree.htm">Considerations for changing QPWDLVL from 2 to 3</a></strong><br />
|
|||
|
|
Keep these items in mind as you consider changing your password level.</li>
|
|||
|
|
</ul>
|
|||
|
|
|
|||
|
|
<div class="familylinks">
|
|||
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvpwdlvl.htm" title="This system value allows you to set a specific password environment where all user profile passwords can have the same length specification.">Password level</a></div>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
</body>
|
|||
|
|
</html>
|