ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvpwdexpitv.htm

144 lines
8.0 KiB
HTML
Raw Permalink Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Password expiration interval" />
<meta name="abstract" content="The password expiration interval system value controls the number of days allowed before a password must be changed." />
<meta name="description" content="The password expiration interval system value controls the number of days allowed before a password must be changed." />
<meta name="DC.Relation" scheme="URI" content="rzamvpwdsysval.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="pwdexpitv" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Password expiration interval</title>
</head>
<body id="pwdexpitv"><a name="pwdexpitv"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Password expiration interval</h1>
<div><p>The password expiration interval system value controls the number
of days allowed before a password must be changed.</p>
<p>If a user attempts to sign on after the password has expired, the system
shows a display requiring that the password be changed before the user is
allowed to sign on. You can set this value globally for all user profiles
on the system or customize the password expiration for individual user profiles.
For example you may want the security officer or other users with all object
(*ALLOBJ) special authority to change their passwords more frequently than
the rest of your users.</p>
<p>See <a href="#pwdexpitv__quickref">Quick reference</a> table
for an overview of the password expiration interval system value.</p>
<div class="p">
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 1. Possible values for the password expiration interval
system value</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e29">iSeries™ Navigator </th>
<th valign="bottom" id="d0e33">Character-based interface</th>
<th valign="bottom" id="d0e35">Description </th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e29 ">Never Expire</td>
<td valign="top" headers="d0e33 ">*NOMAX</td>
<td valign="top" headers="d0e35 ">Users are not required to change their passwords.</td>
</tr>
<tr><td valign="top" headers="d0e29 ">Days after last change (1-366)</td>
<td valign="top" headers="d0e33 "><em>limit-in-days</em></td>
<td valign="top" headers="d0e35 ">Specify the number of days a password is valid before
it expires.</td>
</tr>
</tbody>
</table>
</div>
</div>
<p><strong>Relationship to security policy</strong></p>
<p>Within your security policy, you should describe the password rules that
are defined by the system values-related passwords. For this system value,
let users know how long passwords on the system are valid and what they are
required to do when the expiration date is exceeded. Several other password
system values force users to make unique password every time their passwords
expire on the system. Be sure to document those rules as well in your security
policy.</p>
<p>Stricter security environments would benefit from a shorter interval for
password expiration. User should change their passwords periodically. This
discourages sharing passwords with other system users. Passwords with a long
or indefinite expiration interval provide potential intruders a longer period
of access if they steal or obtain a password to a system. If an intruder obtained
a valid password, potentially they could do damage or steal vital data on
your system over a long period of time. If the expiration interval is shorter,
then intruders would be limited in the amount of time they had access to your
system. However, valid users may become frustrated if they are asked to change
passwords too frequently. To strike a balance between protection and user
needs, select a value between 30 and 90 days. For most installations that
range is adequate. You may need to customize password expiration for individual
users or systems. Perhaps you want your security administrator or any users
with all object (*ALLOBJ) authority to change passwords more frequently to
minimize the threat of someone stealing those passwords. You also may want
to have shorter or longer password expiration intervals for specific systems,
depending on the data that these systems contain.</p>
<div class="p">
<div class="tablenoborder"><a name="pwdexpitv__quickref"><!-- --></a><table cellpadding="4" cellspacing="0" summary="" id="pwdexpitv__quickref" frame="border" border="1" rules="all"><caption>Table 2. Quick Reference. Provides
details for the password expiration interval system value.</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e73">iSeries Navigator name</th>
<th valign="bottom" id="d0e77">Expiration</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e73 ">Character-based interface name</td>
<td valign="top" headers="d0e77 ">QPWDEXPITV</td>
</tr>
<tr><td valign="top" headers="d0e73 ">Authority</td>
<td valign="top" headers="d0e77 "><p>All object access (*ALLOBJ)<br />
Security administrator (*SECADM)</p>
<div class="note"><span class="notetitle">Note:</span> The Security Officer (QSECOFR) user profile is shipped with
these authorities. </div>
</td>
</tr>
<tr><td valign="top" headers="d0e73 ">How to access</td>
<td valign="top" headers="d0e77 "><div class="p"><strong>iSeries Navigator</strong><ol><li>Expand <span class="menucascade"><span class="uicontrol">Security</span> &gt; <span class="uicontrol">Policies</span></span>.</li>
<li>Right click <strong>Password Policy</strong> and select <strong>Properties</strong>.</li>
<li>On the <strong>Expiration</strong> page, you will find the options for password
expiration.</li>
</ol>
</div>
<div class="p"><strong>Character-based interface</strong><ol><li>In the character-based interface, type <samp class="codeph">WRKSYSVAL QPWDEXPITV</samp>.</li>
</ol>
</div>
</td>
</tr>
<tr><td valign="top" headers="d0e73 ">Changes take effect</td>
<td valign="top" headers="d0e77 ">Immediately</td>
</tr>
<tr><td valign="top" headers="d0e73 ">Default value</td>
<td valign="top" headers="d0e77 ">Never expire</td>
</tr>
<tr><td valign="top" headers="d0e73 ">Recommended value</td>
<td valign="top" headers="d0e77 ">From 30 to 90 days</td>
</tr>
<tr><td valign="top" headers="d0e73 "><a href="rzamvlockdown.htm">Lockable</a></td>
<td valign="top" headers="d0e77 ">Yes</td>
</tr>
<tr><td valign="top" headers="d0e73 ">Special considerations </td>
<td valign="top" headers="d0e77 ">NA</td>
</tr>
</tbody>
</table>
</div>
</div>
<p>For more in-depth information about this security value, see Chapter 3, <span class="q">"Security
System Values"</span> in <a href="../books/sc415302.pdf" target="_blank">Security
Reference</a>. </p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvpwdsysval.htm" title="In addition to setting signon system values, you also need to decide rules regarding users passwords">Password system values</a></div>
</div>
</div>
</body>
</html>