ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvqmaxsignacn.htm

132 lines
7.2 KiB
HTML
Raw Permalink Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Maximum signon action" />
<meta name="abstract" content="The maximum signon attempts action system value determines what the system does when the maximum number of signon attempts is reached at a workstation." />
<meta name="description" content="The maximum signon attempts action system value determines what the system does when the maximum number of signon attempts is reached at a workstation." />
<meta name="DC.Relation" scheme="URI" content="rzamvplansyslvlsec.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="qmaxsignacn" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Maximum signon action</title>
</head>
<body id="qmaxsignacn"><a name="qmaxsignacn"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Maximum signon action</h1>
<div><p>The maximum signon attempts action system value determines what
the system does when the maximum number of signon attempts is reached at a
workstation.</p>
<p>This system value works with the <a href="rzamvqmaxsign.htm">Maximum signon attempts</a> system
value to prevent unauthorized sign on to the system.</p>
<p>See <a href="#qmaxsignacn__quickref">Table 2</a> for an overview
of the maximum signon action system value. </p>
<div class="p">
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 1. Possible values for the maximum signon attempts
system value</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e32">iSeries™ Navigator</th>
<th valign="bottom" id="d0e36">Character-based interface</th>
<th valign="bottom" id="d0e38">Description</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e32 ">Disable user</td>
<td valign="top" headers="d0e36 ">2</td>
<td valign="top" headers="d0e38 ">Disable user profile only.</td>
</tr>
<tr><td valign="top" headers="d0e32 ">Disable device</td>
<td valign="top" headers="d0e36 ">1</td>
<td valign="top" headers="d0e38 ">Disable device only. </td>
</tr>
<tr><td valign="top" headers="d0e32 ">Disable user and device</td>
<td valign="top" headers="d0e36 ">3</td>
<td valign="top" headers="d0e38 ">Disable both the user profile and device.</td>
</tr>
</tbody>
</table>
</div>
</div>
<p><span class="uicontrol">Relationship to security policy</span></p>
<p>Within your security policy you should inform users your company's expectations
for managing their signon activities. It is important to document the number
of signon attempts that users are allowed, and the action taken when that
number is exceeded.</p>
<div class="p">
<div class="tablenoborder"><a name="qmaxsignacn__quickref"><!-- --></a><table cellpadding="4" cellspacing="0" summary="" id="qmaxsignacn__quickref" frame="border" border="1" rules="all"><caption>Table 2. Quick Reference. Provides
details for the maximum signon action system value.</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e78">iSeries Navigator name</th>
<th valign="bottom" id="d0e82">When maximum is reached</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e78 ">Character-based interface name</td>
<td valign="top" headers="d0e82 ">QMAXSIGNACN</td>
</tr>
<tr><td valign="top" headers="d0e78 ">Authority</td>
<td valign="top" headers="d0e82 "><p>All object access (*ALLOBJ)<br />
Security administrator (*SECADM)</p>
<div class="note"><span class="notetitle">Note:</span> The Security Officer (QSECOFR)
user profile is shipped with these authorities.</div>
</td>
</tr>
<tr><td valign="top" headers="d0e78 ">How to access</td>
<td valign="top" headers="d0e82 "><div class="p"><strong>iSeries Navigator</strong><ol><li>Expand <span class="menucascade"><span class="uicontrol">Security</span> &gt; <span class="uicontrol">Policies</span></span>.</li>
<li>Right click <span class="uicontrol">Signon Policy</span> and select <span class="uicontrol">Properties</span>.</li>
<li>On the <span class="uicontrol">General</span> page you will find the option for
maximum signon attempts.</li>
</ol>
</div>
<div class="p"><span class="uicontrol">Character-based interface</span><ol><li>In the character-based interface, type <samp class="codeph">WRKSYSVAL QMAXSIGNACN</samp>.</li>
</ol>
</div>
</td>
</tr>
<tr><td valign="top" headers="d0e78 ">Changes take effect</td>
<td valign="top" headers="d0e82 ">Immediately</td>
</tr>
<tr><td valign="top" headers="d0e78 ">Default value</td>
<td valign="top" headers="d0e82 ">Disable user and device (3)</td>
</tr>
<tr><td valign="top" headers="d0e78 ">Recommended value</td>
<td valign="top" headers="d0e82 ">Disable user and device (3)</td>
</tr>
<tr><td valign="top" headers="d0e78 "><a href="rzamvlockdown.htm">Lockable</a></td>
<td valign="top" headers="d0e82 ">Yes</td>
</tr>
<tr><td valign="top" headers="d0e78 ">Special considerations</td>
<td valign="top" headers="d0e82 ">The recommended value for the maximum sign on attempts
allows a user three consecutive attempts to sign on, by using the correct
user ID and password combination. When a user exceeds the number of unsuccessful
signon attempts allowed, the system will disable the user's profile and vary
off the device where the user attempted to sign on. <p>To make a user's profile
available for signon again, use the following command: CHGUSRPRF USRPRF(profile-name)
STATUS(*ENABLED)</p>
<p>To make a workstation available for signon again, use
the Work with Configuration Status (WRKCFGSTS) command to vary on the device. </p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<p>For more detailed information about this security value, see Chapter 3, <span class="q">"Security
System Values"</span> in <a href="../books/sc415302.pdf" target="_blank">Security
Reference</a>. </p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvplansyslvlsec.htm" title="System security entails controlling user access and their privileges, maintaining information integrity, monitoring processes and access, auditing system functions, and providing backup and recovery of security related information.">Plan system security</a></div>
</div>
</div>
</body>
</html>