ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvstorepwdinfo.htm

64 lines
4.2 KiB
HTML
Raw Permalink Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Store password information" />
<meta name="abstract" content="To support some network functions and communications requirements, iSeries servers provide a secure method for storing passwords that can be decrypted. Your system uses these passwords, for example, to establish a SLIP connection with another system." />
<meta name="description" content="To support some network functions and communications requirements, iSeries servers provide a secure method for storing passwords that can be decrypted. Your system uses these passwords, for example, to establish a SLIP connection with another system." />
<meta name="DC.Relation" scheme="URI" content="rzamvpwdsysval.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="storepwdinfo" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Store password information</title>
</head>
<body id="storepwdinfo"><a name="storepwdinfo"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Store password information</h1>
<div><p>To support some network functions and communications requirements, iSeries™ servers
provide a secure method for storing passwords that can be decrypted. Your
system uses these passwords, for example, to establish a SLIP connection with
another system.</p>
<p>Systems store these special passwords in a secure area that is not accessible
to any user programs or interfaces. Only explicitly authorized system functions
can set these passwords and retrieve them.</p>
<p>For example, when you use a stored password for dial-out SLIP connections,
you set the password with the system command that creates the configuration
profile (WRKTCPPTP). You must have *IOSYSCFG to use the command. A specially
coded connection script retrieves the password and decrypts it during the
dial-out procedure. The decrypted password is not visible to the user or in
any job log.</p>
<p>As a security administrator, you need to decide whether you will allow
passwords that can be decrypted to be stored on your system. You use the Retain
Server Security Data (QRETSVRSEC) system value to specify this. The default
is 0 (No). Therefore, your system will not store passwords that can be decrypted
unless you explicitly set this system value.</p>
<p>If you have network or communications requirements for stored passwords,
you should set appropriate policies and understand the policies and practices
of your communications partners. For example, when you use SLIP to communicate
with another iSeries server,
both systems should consider setting up special user profiles for establishing
the sessions. The special profiles should have limited authority on the system.
This limits the impact to your system if a stored password is compromised
on a partner system.</p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvpwdsysval.htm" title="In addition to setting signon system values, you also need to decide rules regarding users passwords">Password system values</a></div>
</div>
</div>
</body>
</html>