ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvqpwdrqddif.htm

127 lines
7.0 KiB
HTML
Raw Permalink Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Restrict duplicate passwords" />
<meta name="abstract" content="This system value controls whether the password must be different from previous passwords." />
<meta name="description" content="This system value controls whether the password must be different from previous passwords." />
<meta name="DC.Relation" scheme="URI" content="rzamvpwdsysval.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="qpwdrqddif" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Restrict duplicate passwords</title>
</head>
<body id="qpwdrqddif"><a name="qpwdrqddif"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Restrict duplicate passwords</h1>
<div><p>This system value controls whether the password must be different
from previous passwords.</p>
<p>This system value controls whether the password must be different from
previous passwords. This value sets a number of previous passwords that are
checked for duplicate passwords. This value provides additional security by
preventing users from specifying passwords used previously. It also prevents
a user whose password has expired from changing it and then immediately changing
it back to the old password.</p>
<p>See <a href="#qpwdrqddif__quickref">Quick reference</a> table
for an overview of the restrict duplicate passwords system value.</p>
<div class="p">
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 1. Possible values for the restrict duplicate passwords
system value</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e29">iSeries™ Navigator</th>
<th valign="bottom" id="d0e33">Character-based interface</th>
<th valign="bottom" id="d0e35">Description</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e29 ">Password re-use cycle</td>
<td valign="top" headers="d0e33 "><em>number-of-password-values-checked</em></td>
<td valign="top" headers="d0e35 ">Specify the number of passwords that are checked for
duplicates.</td>
</tr>
</tbody>
</table>
</div>
</div>
<p><strong>Relationship to security policy</strong></p>
<p>Within your security policy you should describe the password rules that
are defined by the system values related passwords. For this system value,
inform users that they cannot recycle passwords before this value has exceeded.
Password recycling allows users to choose between three or four favorite passwords,
however; this poses a security threat to your system. To minimize this threat,
use this system value with the password expiration system value to prevent
a password from being reused for at least 6 months. For example, if you selected
30 days for password expiration interval and selected 10 passwords for the
password re-use cycle, then a typical user, who changes passwords when warned
by the system, will not repeat a password for approximately 9 months.</p>
<div class="p">
<div class="tablenoborder"><a name="qpwdrqddif__quickref"><!-- --></a><table cellpadding="4" cellspacing="0" summary="" id="qpwdrqddif__quickref" frame="border" border="1" rules="all"><caption>Table 2. Quick Reference. Provides
details for the restrict duplicate passwords system value.</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e64">iSeries Navigator name</th>
<th valign="bottom" id="d0e68">Password re-use cycle</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e64 ">Character-based interface name</td>
<td valign="top" headers="d0e68 ">QPWDRQDDIF</td>
</tr>
<tr><td valign="top" headers="d0e64 ">Authority</td>
<td valign="top" headers="d0e68 "><p>All object access (*ALLOBJ)<br />
Security administrator (*SECADM)</p>
<div class="note"><span class="notetitle">Note:</span> The Security Officer (QSECOFR) user profile is shipped with
these authorities. </div>
</td>
</tr>
<tr><td valign="top" headers="d0e64 ">How to access</td>
<td valign="top" headers="d0e68 "><div class="p"><strong>iSeries Navigator</strong><ol><li>Expand <span class="menucascade"><span class="uicontrol">Security</span> &gt; <span class="uicontrol">Policies</span></span>.</li>
<li>Right click <strong>Password Policy</strong> and select <strong>Properties</strong>.</li>
<li>On the <strong>Validation</strong> page, you will find the options for password
re-use.</li>
</ol>
</div>
<div class="p"><strong>Character-based interface</strong><ol><li>In the character-based interface, type <samp class="codeph">WRKSYSVAL QPWDRQDDIF</samp>.</li>
</ol>
</div>
</td>
</tr>
<tr><td valign="top" headers="d0e64 ">Changes take effect</td>
<td valign="top" headers="d0e68 ">Immediately</td>
</tr>
<tr><td valign="top" headers="d0e64 ">Default value</td>
<td valign="top" headers="d0e68 ">After one password</td>
</tr>
<tr><td valign="top" headers="d0e64 ">Recommended value</td>
<td valign="top" headers="d0e68 ">After 10 passwords</td>
</tr>
<tr><td valign="top" headers="d0e64 "><a href="rzamvlockdown.htm">Lockable</a></td>
<td valign="top" headers="d0e68 ">Yes</td>
</tr>
<tr><td valign="top" headers="d0e64 ">Special considerations </td>
<td valign="top" headers="d0e68 ">Select a value of 10 or more to prevent the use of repeated
passwords. It is recommended to use a combination of the Password expiration
value and the Password reuse cycle value to prevent a password from being
reused for at least 6 month</td>
</tr>
</tbody>
</table>
</div>
</div>
<p>For more in-depth information about this security value, see Chapter 3,
"Security System Values" in <a href="../books/sc415302.pdf" target="_blank">Security Reference</a>. </p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvpwdsysval.htm" title="In addition to setting signon system values, you also need to decide rules regarding users passwords">Password system values</a></div>
</div>
</div>
</body>
</html>