ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzakz_5.4.0.1/rzakzqpwdlvl.htm

200 lines
12 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Password system values: Password Level" />
<meta name="abstract" content="Sets the password level for the system. (QPWDLVL)" />
<meta name="description" content="Sets the password level for the system. (QPWDLVL)" />
<meta name="DC.Relation" scheme="URI" content="rzakzpasswordoverview.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakzlocksecurity.htm" />
<meta name="DC.Relation" scheme="URI" content="../books/sc415302.pdf" />
<meta name="DC.Relation" scheme="URI" content="rzakzfinder.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzakzqpwdlvl" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Password system values: Password Level</title>
</head>
<body id="rzakzqpwdlvl"><a name="rzakzqpwdlvl"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Password system values: Password Level</h1>
<div><p>Sets the password level for the system. (QPWDLVL)</p>
<p><span class="uicontrol">Password Level</span>, also known as <span class="uicontrol">QPWDLVL</span>,
is a member of the password category of i5/OS™ system values. You can use this system
value to set the password level for the system. To learn more, keep reading.</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><thead align="left"><tr><th colspan="2" valign="top" class="firstcol" id="d0e31">Quick reference</th>
</tr>
</thead>
<tbody><tr><th valign="top" class="firstcol" id="d0e35" headers="d0e31 ">Location</th>
<td valign="top" headers="d0e35 d0e31 ">In iSeries™ Navigator,
select your system, <span class="menucascade"><span class="uicontrol"></span> &gt; <span class="uicontrol">Configuration
and Service</span> &gt; <span class="uicontrol">System Values</span> &gt; <span class="uicontrol">Password</span> &gt; <span class="uicontrol">General</span></span></td>
</tr>
<tr><th valign="top" class="firstcol" id="d0e53" headers="d0e31 ">Special authority</th>
<td valign="top" headers="d0e53 d0e31 ">All object (*ALLOBJ) and security administrator (*SECADM)</td>
</tr>
<tr><th valign="top" class="firstcol" id="d0e58" headers="d0e31 ">Default value</th>
<td valign="top" headers="d0e58 d0e31 ">Short passwords using a limited character set (0)</td>
</tr>
<tr><th valign="top" class="firstcol" id="d0e63" headers="d0e31 ">Changes take effect</th>
<td valign="top" headers="d0e63 d0e31 ">At the next restart of the system</td>
</tr>
<tr><th valign="top" class="firstcol" id="d0e68" headers="d0e31 ">Lockable</th>
<td valign="top" headers="d0e68 d0e31 ">Yes Lock function of security-related system values<br /><img src="rzakz503.gif" alt="Lockable system value" /><br /> (Click for details)</td>
</tr>
<tr><th valign="top" class="firstcol" id="d0e75" headers="d0e31 ">Special considerations</th>
<td valign="top" headers="d0e75 d0e31 ">The password level system value cannot be changed from 3 to a value
of 0 or 1. The password level system value must be changed from 3 to 2 and
then to 0 or 1. The reason for this restriction is that all passwords used
at password level 0 or 1 are removed from the system when you change to the
password level 3.<p>While the system is at password level 2, you need to make
sure that you change your user profiles and give them a password that works
at password level 0 or 1 (10 characters or less for the password) prior to
changing from 2 to 0 or 1. Otherwise, users will not be able to sign on to
your system.</p>
<p>For more information about how to check user profiles to make
sure their passwords are valid for the password level you want to change to,
see Verify passwords when changing password levels.</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="section"><h4 class="sectiontitle">What can I do with this system value?</h4><p>You can specify
the password level used on the system.</p>
<p>The password level of the system
can be set to allow for user profile passwords from 1 through 10 characters
or to allow for user profile passwords from 1 through 128 characters.</p>
<p>The
password level can be set to allow a passphrase as the password value. The
term passphrase is sometimes used in the computer industry to describe a password
value that can be very long and has few, if any, restrictions on the characters
used in the password value. Blanks can be used between letters in a passphrase,
which allows you to have a password value that is a sentence or sentence fragment.
The only restrictions on a passphrase are that it cannot start with an asterisk
(*) and trailing blanks are removed.</p>
<p>Changing the password level on
the system from 1-10 character passwords to 1-128 character passwords requires
careful consideration. If your system communicates with other systems in a
network, then all systems must be able to handle the longer passwords.</p>
<p>Before
you change this system value, you should read "Planning Password Level Changes"
in the iSeries Security
Reference.</p>
<p>Possible options are:</p>
<ul><li><span class="uicontrol">Short passwords using a limited character set. (0)</span> <p>Supports
user profile passwords with a length of 1-10 characters. The allowable characters
are A-Z, 0-9, and the following special characters: dollar sign ($), at sign
(@), number sign (#), and underscore (_).</p>
<p>This value should be used
if your server communicates with other servers in a network and those systems
are running with a password level of 0 or an operating system release earlier
than V5R1M0.</p>
<p>This value should be used if your server communicates with
any other server that limits the length of passwords from 1-10 characters.</p>
<p>This
value must be used if your server communicates with the iSeries Support
for Windows<sup>®</sup> Network
Neighborhood (iSeries NetServer™)
product and your server communicates with other servers using passwords from
1-10 characters.</p>
<p>When the password level of the system is set to this
value, the operating system will create the encrypted password for use at
password level 2 and 3. The password characters used at level 0 are the same
characters that will be available at levels 2 and 3. </p>
</li>
<li><strong>Short passwords using a limited character set. Disable iSeries NetServer on Windows <sup>(R)</sup> 95/98/ME
clients. (1)</strong> <p>This value is equivalent to the support for password level
0 with the following exception. iSeries NetServer passwords for Windows 95/98/ME
clients will be removed from the system. If you use the client support for
the iSeries NetServer product,
you cannot use password level 1.</p>
<p>The NetServer product for Windows 95/98/ME
will not connect to a system where the password level is set to 1 or 3. NetServer passwords
are removed from the system at these password levels because of security concerns
with the weak encryption used for NetServer passwords.</p>
</li>
<li><span class="uicontrol">Long passwords using an unlimited character set. (2)</span> <p>This
value supports user profile passwords from 1-128 characters. Uppercase and
lowercase characters are allowed. Passwords can consist of any characters.
The passwords are case sensitive.</p>
<p>This level is viewed as a compatibility
level. When you sign on a system, the password that you use will be used to
authenticate signon and other password tests. This level allows for a move
back to password level 0 or 1 as long as a password meets the length and syntax
requirements of password level 0 or 1.</p>
<p>This level can be used if your
system communicates with the iSeries Support for Windows Network Neighborhood (iSeries NetServer)
product as long as your password is 1-14 characters in length.</p>
<p>You cannot
use level 2 if your system communicates with:</p>
<ul><li>Other systems in a network that are running with either a password level
of 0 or 1 or an operating system release earlier than V5R1M0.</li>
<li>Any other system that limits the length of passwords from 1-10 characters.</li>
<li> PCs that are using Client Access V5R1 or earlier. </li>
</ul>
</li>
<li><strong>Long passwords using an unlimited character set. Disable iSeries NetServer on Windows 95/98/ME
clients. (3)</strong> This level supports user profile passwords from 1-128 characters.
Upper and lower case characters are allowed. Passwords can consist of any
characters and the passwords are case sensitive. <p>Before you change the
password level to 3, you should read "Planning Password Level Changes" in
the iSeries Security
Reference book.</p>
<p>Moving from password level 3 back to 0 or 1 is not allowed
without first changing to password level 2. Password level 2 allows for creation
of passwords that can be used at password level 0 or 1 as long as the password
meets the length and syntax rules for password level 0 or 1.</p>
<p>You cannot
use this level 3 if your system communicates with:</p>
<ul><li>Other systems in a network that are running with either a password level
of 0 or 1 or an operating system release earlier than V5R1M0.</li>
<li>Any other system that limits the length of passwords from 1-10 characters.</li>
<li>The iSeries Support
for Windows Network
Neighborhood (iSeries NetServer)
product.</li>
<li> PCs that are using Client Access V5R1 or earlier. </li>
</ul>
<p>The NetServer product
for Windows 95/98/ME
will not connect to a system where the password level is set to 1 or 3. NetServer passwords
are removed from the system at these password levels because of security concerns
with the weak encryption used for NetServer passwords. The passwords
are easy to uncode.</p>
</li>
</ul>
</div>
<div class="section"><h4 class="sectiontitle">Where can I get more information about this system value?</h4><p>To
learn more, go to the password system values overview topic. You can go to
the <a href="rzakzverifypwdlvl.htm">Verify passwords when changing password levels</a> topic
for information about verifying password levels when changing passwords. Or,
if you are looking for a specific system value or category of system values,
try using the system value finder.</p>
</div>
</div>
<div><div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzakzpasswordoverview.htm" title="Use i5/OS password system values to control the password values and password restrictions.">System values: Password overview</a></div>
<div><a href="rzakzlocksecurity.htm" title="Find information about how to lock and unlock system values. Only some system values can be locked. This will provide you with a description of the lock function, what system values can be locked, and how to lock and unlock them.">Lock function of security-related system values</a></div>
</div>
<div class="relinfo"><strong>Related information</strong><br />
<div><a href="../books/sc415302.pdf" target="_blank">iSeries Security Reference</a></div>
<div><a href="rzakzfinder.htm">System value finder</a></div>
</div>
</div>
</body>
</html>