132 lines
7.2 KiB
HTML
132 lines
7.2 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<!DOCTYPE html
|
||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
<html lang="en-us" xml:lang="en-us">
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
<meta name="security" content="public" />
|
||
|
<meta name="Robots" content="index,follow" />
|
||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
<meta name="DC.Type" content="concept" />
|
||
|
<meta name="DC.Title" content="Maximum signon action" />
|
||
|
<meta name="abstract" content="The maximum signon attempts action system value determines what the system does when the maximum number of signon attempts is reached at a workstation." />
|
||
|
<meta name="description" content="The maximum signon attempts action system value determines what the system does when the maximum number of signon attempts is reached at a workstation." />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzamvplansyslvlsec.htm" />
|
||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
|
||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
|
||
|
<meta name="DC.Format" content="XHTML" />
|
||
|
<meta name="DC.Identifier" content="qmaxsignacn" />
|
||
|
<meta name="DC.Language" content="en-us" />
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
||
|
<title>Maximum signon action</title>
|
||
|
</head>
|
||
|
<body id="qmaxsignacn"><a name="qmaxsignacn"><!-- --></a>
|
||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
||
|
<h1 class="topictitle1">Maximum signon action</h1>
|
||
|
<div><p>The maximum signon attempts action system value determines what
|
||
|
the system does when the maximum number of signon attempts is reached at a
|
||
|
workstation.</p>
|
||
|
<p>This system value works with the <a href="rzamvqmaxsign.htm">Maximum signon attempts</a> system
|
||
|
value to prevent unauthorized sign on to the system.</p>
|
||
|
<p>See <a href="#qmaxsignacn__quickref">Table 2</a> for an overview
|
||
|
of the maximum signon action system value. </p>
|
||
|
<div class="p">
|
||
|
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 1. Possible values for the maximum signon attempts
|
||
|
system value</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e32">iSeries™ Navigator</th>
|
||
|
<th valign="bottom" id="d0e36">Character-based interface</th>
|
||
|
<th valign="bottom" id="d0e38">Description</th>
|
||
|
</tr>
|
||
|
</thead>
|
||
|
<tbody><tr><td valign="top" headers="d0e32 ">Disable user</td>
|
||
|
<td valign="top" headers="d0e36 ">2</td>
|
||
|
<td valign="top" headers="d0e38 ">Disable user profile only.</td>
|
||
|
</tr>
|
||
|
<tr><td valign="top" headers="d0e32 ">Disable device</td>
|
||
|
<td valign="top" headers="d0e36 ">1</td>
|
||
|
<td valign="top" headers="d0e38 ">Disable device only. </td>
|
||
|
</tr>
|
||
|
<tr><td valign="top" headers="d0e32 ">Disable user and device</td>
|
||
|
<td valign="top" headers="d0e36 ">3</td>
|
||
|
<td valign="top" headers="d0e38 ">Disable both the user profile and device.</td>
|
||
|
</tr>
|
||
|
</tbody>
|
||
|
</table>
|
||
|
</div>
|
||
|
</div>
|
||
|
<p><span class="uicontrol">Relationship to security policy</span></p>
|
||
|
<p>Within your security policy you should inform users your company's expectations
|
||
|
for managing their signon activities. It is important to document the number
|
||
|
of signon attempts that users are allowed, and the action taken when that
|
||
|
number is exceeded.</p>
|
||
|
<div class="p">
|
||
|
<div class="tablenoborder"><a name="qmaxsignacn__quickref"><!-- --></a><table cellpadding="4" cellspacing="0" summary="" id="qmaxsignacn__quickref" frame="border" border="1" rules="all"><caption>Table 2. Quick Reference. Provides
|
||
|
details for the maximum signon action system value.</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e78">iSeries Navigator name</th>
|
||
|
<th valign="bottom" id="d0e82">When maximum is reached</th>
|
||
|
</tr>
|
||
|
</thead>
|
||
|
<tbody><tr><td valign="top" headers="d0e78 ">Character-based interface name</td>
|
||
|
<td valign="top" headers="d0e82 ">QMAXSIGNACN</td>
|
||
|
</tr>
|
||
|
<tr><td valign="top" headers="d0e78 ">Authority</td>
|
||
|
<td valign="top" headers="d0e82 "><p>All object access (*ALLOBJ)<br />
|
||
|
Security administrator (*SECADM)</p>
|
||
|
<div class="note"><span class="notetitle">Note:</span> The Security Officer (QSECOFR)
|
||
|
user profile is shipped with these authorities.</div>
|
||
|
</td>
|
||
|
</tr>
|
||
|
<tr><td valign="top" headers="d0e78 ">How to access</td>
|
||
|
<td valign="top" headers="d0e82 "><div class="p"><strong>iSeries Navigator</strong><ol><li>Expand <span class="menucascade"><span class="uicontrol">Security</span> > <span class="uicontrol">Policies</span></span>.</li>
|
||
|
<li>Right click <span class="uicontrol">Signon Policy</span> and select <span class="uicontrol">Properties</span>.</li>
|
||
|
<li>On the <span class="uicontrol">General</span> page you will find the option for
|
||
|
maximum signon attempts.</li>
|
||
|
</ol>
|
||
|
</div>
|
||
|
<div class="p"><span class="uicontrol">Character-based interface</span><ol><li>In the character-based interface, type <samp class="codeph">WRKSYSVAL QMAXSIGNACN</samp>.</li>
|
||
|
</ol>
|
||
|
</div>
|
||
|
</td>
|
||
|
</tr>
|
||
|
<tr><td valign="top" headers="d0e78 ">Changes take effect</td>
|
||
|
<td valign="top" headers="d0e82 ">Immediately</td>
|
||
|
</tr>
|
||
|
<tr><td valign="top" headers="d0e78 ">Default value</td>
|
||
|
<td valign="top" headers="d0e82 ">Disable user and device (3)</td>
|
||
|
</tr>
|
||
|
<tr><td valign="top" headers="d0e78 ">Recommended value</td>
|
||
|
<td valign="top" headers="d0e82 ">Disable user and device (3)</td>
|
||
|
</tr>
|
||
|
<tr><td valign="top" headers="d0e78 "><a href="rzamvlockdown.htm">Lockable</a></td>
|
||
|
<td valign="top" headers="d0e82 ">Yes</td>
|
||
|
</tr>
|
||
|
<tr><td valign="top" headers="d0e78 ">Special considerations</td>
|
||
|
<td valign="top" headers="d0e82 ">The recommended value for the maximum sign on attempts
|
||
|
allows a user three consecutive attempts to sign on, by using the correct
|
||
|
user ID and password combination. When a user exceeds the number of unsuccessful
|
||
|
signon attempts allowed, the system will disable the user's profile and vary
|
||
|
off the device where the user attempted to sign on. <p>To make a user's profile
|
||
|
available for signon again, use the following command: CHGUSRPRF USRPRF(profile-name)
|
||
|
STATUS(*ENABLED)</p>
|
||
|
<p>To make a workstation available for signon again, use
|
||
|
the Work with Configuration Status (WRKCFGSTS) command to vary on the device. </p>
|
||
|
</td>
|
||
|
</tr>
|
||
|
</tbody>
|
||
|
</table>
|
||
|
</div>
|
||
|
</div>
|
||
|
<p>For more detailed information about this security value, see Chapter 3, <span class="q">"Security
|
||
|
System Values"</span> in <a href="../books/sc415302.pdf" target="_blank">Security
|
||
|
Reference</a>. </p>
|
||
|
</div>
|
||
|
<div>
|
||
|
<div class="familylinks">
|
||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvplansyslvlsec.htm" title="System security entails controlling user access and their privileges, maintaining information integrity, monitoring processes and access, auditing system functions, and providing backup and recovery of security related information.">Plan system security</a></div>
|
||
|
</div>
|
||
|
</div>
|
||
|
</body>
|
||
|
</html>
|