ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvqmaxsign.htm

133 lines
7.5 KiB
HTML
Raw Permalink Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Maximum signon attempts" />
<meta name="abstract" content="The maximum signon attempts system value limits the number of consecutive incorrect signon attempts by local and remote users." />
<meta name="description" content="The maximum signon attempts system value limits the number of consecutive incorrect signon attempts by local and remote users." />
<meta name="DC.Relation" scheme="URI" content="rzamvplansyslvlsec.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="qmaxsign" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Maximum signon attempts</title>
</head>
<body id="qmaxsign"><a name="qmaxsign"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Maximum signon attempts</h1>
<div><p>The maximum signon attempts system value limits the number of consecutive
incorrect signon attempts by local and remote users.</p>
<p>Incorrect signon attempts can be caused by incorrect user identification,
incorrect password, or inadequate authority to the device. The maximum signon
attempts system value works with the system value that specifies the action
the system takes when the maximum number of signon attempts is reached. For
information on this related system value, see <a href="rzamvqmaxsignacn.htm">Maximum sign on attempts action</a>.</p>
<p>Some hackers may attempt to break into systems by guessing passwords. By
limiting the number of signon attempts you allow, you limit their guesses.
The maximum signon attempts system value determines how many signon tries
you allow. Generally you want to set the value high enough to avoid frustrating
users but also low enough to prevent a potential intruder too many guesses.
Typically setting the value for signon attempts between 3 and 5 fulfills both
of these requirements.</p>
<p>See <a href="#qmaxsign__quickref">Quick reference</a> table
for an overview of the maximum signon attempts system value. </p>
<div class="p">
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 1. Possible values for the use maximum signon attempts
system value</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e34">iSeries™ Navigator</th>
<th valign="bottom" id="d0e38">Character-based interface</th>
<th valign="bottom" id="d0e40">Description</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e34 ">No maximum</td>
<td valign="top" headers="d0e38 ">*NOMAX</td>
<td valign="top" headers="d0e40 ">The system allows an unlimited number of incorrect signon
attempts. This value gives a potential intruder unlimited opportunities to
guess a valid user ID and password combination.</td>
</tr>
<tr><td valign="top" headers="d0e34 ">Maximum number</td>
<td valign="top" headers="d0e38 "><em>limit</em></td>
<td valign="top" headers="d0e40 ">Specify a value from 1 through 25. The recommended number
of signon attempts is three. Usually three attempts are enough to correct
typing errors but low enough to help prevent unauthorized access.</td>
</tr>
</tbody>
</table>
</div>
</div>
<p><span class="uicontrol">Relationship to security policy</span></p>
<p>Within your security policy you should inform users your company's expectations
for managing their signon activities. It is important to document the number
of signon attempts that users are allowed and the action taken when that number
is exceeded.</p>
<div class="p">
<div class="tablenoborder"><a name="qmaxsign__quickref"><!-- --></a><table cellpadding="4" cellspacing="0" summary="" id="qmaxsign__quickref" frame="border" border="1" rules="all"><caption>Table 2. Quick Reference. Provides details
for the maximum signon attempts system value.</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e74">iSeries Navigator name</th>
<th valign="bottom" id="d0e78">Incorrect signon attempts</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e74 ">Character-based interface name</td>
<td valign="top" headers="d0e78 ">QMAXSIGN</td>
</tr>
<tr><td valign="top" headers="d0e74 ">Authority</td>
<td valign="top" headers="d0e78 "><p>All object access (*ALLOBJ)<br />
Security administrator (*SECADM)</p>
<div class="note"><span class="notetitle">Note:</span> The Security Officer (QSECOFR) user profile is shipped with
these authorities. </div>
</td>
</tr>
<tr><td valign="top" headers="d0e74 ">How to access</td>
<td valign="top" headers="d0e78 "><div class="p"><strong>iSeries Navigator</strong><ol><li>Expand <span class="menucascade"><span class="uicontrol">Security</span> &gt; <span class="uicontrol">Policies</span></span>.</li>
<li>Right click <span class="uicontrol">Signon Policy</span> and select <span class="uicontrol">Properties</span>.</li>
<li>On the <span class="uicontrol">General</span> page, you will find the option for
maximum signon attempts.</li>
</ol>
</div>
<div class="p"><span class="uicontrol">Character-based interface</span><ol><li>In the character-based interface, type <samp class="codeph">WRKSYSVAL QMAXSIGN</samp>.</li>
</ol>
</div>
</td>
</tr>
<tr><td valign="top" headers="d0e74 ">Changes take effect</td>
<td valign="top" headers="d0e78 ">Immediately</td>
</tr>
<tr><td valign="top" headers="d0e74 ">Default value</td>
<td valign="top" headers="d0e78 ">3</td>
</tr>
<tr><td valign="top" headers="d0e74 ">Recommended value</td>
<td valign="top" headers="d0e78 ">3</td>
</tr>
<tr><td valign="top" headers="d0e74 "><a href="rzamvlockdown.htm">Lockable</a></td>
<td valign="top" headers="d0e78 ">Yes</td>
</tr>
<tr><td valign="top" headers="d0e74 ">Special considerations</td>
<td valign="top" headers="d0e78 ">See <a href="rzamvqmaxsignacn.htm">Maximum sign on attempts action</a> for special considerations
regarding this system value.</td>
</tr>
</tbody>
</table>
</div>
</div>
<p>For more detailed information about this security value, see Chapter 3, <span class="q">"Security
System Values"</span> in <a href="../books/sc415302.pdf" target="_blank">Security
Reference</a>.</p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvplansyslvlsec.htm" title="System security entails controlling user access and their privileges, maintaining information integrity, monitoring processes and access, auditing system functions, and providing backup and recovery of security related information.">Plan system security</a></div>
</div>
</div>
</body>
</html>