200 lines
12 KiB
HTML
200 lines
12 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<!DOCTYPE html
|
||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
<html lang="en-us" xml:lang="en-us">
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
<meta name="security" content="public" />
|
||
|
<meta name="Robots" content="index,follow" />
|
||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
<meta name="DC.Type" content="concept" />
|
||
|
<meta name="DC.Title" content="Password system values: Password Level" />
|
||
|
<meta name="abstract" content="Sets the password level for the system. (QPWDLVL)" />
|
||
|
<meta name="description" content="Sets the password level for the system. (QPWDLVL)" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzakzpasswordoverview.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzakzlocksecurity.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="../books/sc415302.pdf" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzakzfinder.htm" />
|
||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
|
||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
|
||
|
<meta name="DC.Format" content="XHTML" />
|
||
|
<meta name="DC.Identifier" content="rzakzqpwdlvl" />
|
||
|
<meta name="DC.Language" content="en-us" />
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
||
|
<title>Password system values: Password Level</title>
|
||
|
</head>
|
||
|
<body id="rzakzqpwdlvl"><a name="rzakzqpwdlvl"><!-- --></a>
|
||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
||
|
<h1 class="topictitle1">Password system values: Password Level</h1>
|
||
|
<div><p>Sets the password level for the system. (QPWDLVL)</p>
|
||
|
<p><span class="uicontrol">Password Level</span>, also known as <span class="uicontrol">QPWDLVL</span>,
|
||
|
is a member of the password category of i5/OS™ system values. You can use this system
|
||
|
value to set the password level for the system. To learn more, keep reading.</p>
|
||
|
|
||
|
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><thead align="left"><tr><th colspan="2" valign="top" class="firstcol" id="d0e31">Quick reference</th>
|
||
|
</tr>
|
||
|
</thead>
|
||
|
<tbody><tr><th valign="top" class="firstcol" id="d0e35" headers="d0e31 ">Location</th>
|
||
|
<td valign="top" headers="d0e35 d0e31 ">In iSeries™ Navigator,
|
||
|
select your system, <span class="menucascade"><span class="uicontrol"></span> > <span class="uicontrol">Configuration
|
||
|
and Service</span> > <span class="uicontrol">System Values</span> > <span class="uicontrol">Password</span> > <span class="uicontrol">General</span></span></td>
|
||
|
</tr>
|
||
|
<tr><th valign="top" class="firstcol" id="d0e53" headers="d0e31 ">Special authority</th>
|
||
|
<td valign="top" headers="d0e53 d0e31 ">All object (*ALLOBJ) and security administrator (*SECADM)</td>
|
||
|
</tr>
|
||
|
<tr><th valign="top" class="firstcol" id="d0e58" headers="d0e31 ">Default value</th>
|
||
|
<td valign="top" headers="d0e58 d0e31 ">Short passwords using a limited character set (0)</td>
|
||
|
</tr>
|
||
|
<tr><th valign="top" class="firstcol" id="d0e63" headers="d0e31 ">Changes take effect</th>
|
||
|
<td valign="top" headers="d0e63 d0e31 ">At the next restart of the system</td>
|
||
|
</tr>
|
||
|
<tr><th valign="top" class="firstcol" id="d0e68" headers="d0e31 ">Lockable</th>
|
||
|
<td valign="top" headers="d0e68 d0e31 ">Yes Lock function of security-related system values<br /><img src="rzakz503.gif" alt="Lockable system value" /><br /> (Click for details)</td>
|
||
|
</tr>
|
||
|
<tr><th valign="top" class="firstcol" id="d0e75" headers="d0e31 ">Special considerations</th>
|
||
|
<td valign="top" headers="d0e75 d0e31 ">The password level system value cannot be changed from 3 to a value
|
||
|
of 0 or 1. The password level system value must be changed from 3 to 2 and
|
||
|
then to 0 or 1. The reason for this restriction is that all passwords used
|
||
|
at password level 0 or 1 are removed from the system when you change to the
|
||
|
password level 3.<p>While the system is at password level 2, you need to make
|
||
|
sure that you change your user profiles and give them a password that works
|
||
|
at password level 0 or 1 (10 characters or less for the password) prior to
|
||
|
changing from 2 to 0 or 1. Otherwise, users will not be able to sign on to
|
||
|
your system.</p>
|
||
|
<p>For more information about how to check user profiles to make
|
||
|
sure their passwords are valid for the password level you want to change to,
|
||
|
see Verify passwords when changing password levels.</p>
|
||
|
</td>
|
||
|
</tr>
|
||
|
</tbody>
|
||
|
</table>
|
||
|
</div>
|
||
|
<div class="section"><h4 class="sectiontitle">What can I do with this system value?</h4><p>You can specify
|
||
|
the password level used on the system.</p>
|
||
|
<p>The password level of the system
|
||
|
can be set to allow for user profile passwords from 1 through 10 characters
|
||
|
or to allow for user profile passwords from 1 through 128 characters.</p>
|
||
|
<p>The
|
||
|
password level can be set to allow a passphrase as the password value. The
|
||
|
term passphrase is sometimes used in the computer industry to describe a password
|
||
|
value that can be very long and has few, if any, restrictions on the characters
|
||
|
used in the password value. Blanks can be used between letters in a passphrase,
|
||
|
which allows you to have a password value that is a sentence or sentence fragment.
|
||
|
The only restrictions on a passphrase are that it cannot start with an asterisk
|
||
|
(*) and trailing blanks are removed.</p>
|
||
|
<p>Changing the password level on
|
||
|
the system from 1-10 character passwords to 1-128 character passwords requires
|
||
|
careful consideration. If your system communicates with other systems in a
|
||
|
network, then all systems must be able to handle the longer passwords.</p>
|
||
|
<p>Before
|
||
|
you change this system value, you should read "Planning Password Level Changes"
|
||
|
in the iSeries Security
|
||
|
Reference.</p>
|
||
|
<p>Possible options are:</p>
|
||
|
<ul><li><span class="uicontrol">Short passwords using a limited character set. (0)</span> <p>Supports
|
||
|
user profile passwords with a length of 1-10 characters. The allowable characters
|
||
|
are A-Z, 0-9, and the following special characters: dollar sign ($), at sign
|
||
|
(@), number sign (#), and underscore (_).</p>
|
||
|
<p>This value should be used
|
||
|
if your server communicates with other servers in a network and those systems
|
||
|
are running with a password level of 0 or an operating system release earlier
|
||
|
than V5R1M0.</p>
|
||
|
<p>This value should be used if your server communicates with
|
||
|
any other server that limits the length of passwords from 1-10 characters.</p>
|
||
|
<p>This
|
||
|
value must be used if your server communicates with the iSeries Support
|
||
|
for Windows<sup>®</sup> Network
|
||
|
Neighborhood (iSeries NetServer™)
|
||
|
product and your server communicates with other servers using passwords from
|
||
|
1-10 characters.</p>
|
||
|
<p>When the password level of the system is set to this
|
||
|
value, the operating system will create the encrypted password for use at
|
||
|
password level 2 and 3. The password characters used at level 0 are the same
|
||
|
characters that will be available at levels 2 and 3. </p>
|
||
|
</li>
|
||
|
<li><strong>Short passwords using a limited character set. Disable iSeries NetServer on Windows <sup>(R)</sup> 95/98/ME
|
||
|
clients. (1)</strong> <p>This value is equivalent to the support for password level
|
||
|
0 with the following exception. iSeries NetServer passwords for Windows 95/98/ME
|
||
|
clients will be removed from the system. If you use the client support for
|
||
|
the iSeries NetServer product,
|
||
|
you cannot use password level 1.</p>
|
||
|
<p>The NetServer product for Windows 95/98/ME
|
||
|
will not connect to a system where the password level is set to 1 or 3. NetServer passwords
|
||
|
are removed from the system at these password levels because of security concerns
|
||
|
with the weak encryption used for NetServer passwords.</p>
|
||
|
</li>
|
||
|
<li><span class="uicontrol">Long passwords using an unlimited character set. (2)</span> <p>This
|
||
|
value supports user profile passwords from 1-128 characters. Uppercase and
|
||
|
lowercase characters are allowed. Passwords can consist of any characters.
|
||
|
The passwords are case sensitive.</p>
|
||
|
<p>This level is viewed as a compatibility
|
||
|
level. When you sign on a system, the password that you use will be used to
|
||
|
authenticate signon and other password tests. This level allows for a move
|
||
|
back to password level 0 or 1 as long as a password meets the length and syntax
|
||
|
requirements of password level 0 or 1.</p>
|
||
|
<p>This level can be used if your
|
||
|
system communicates with the iSeries Support for Windows Network Neighborhood (iSeries NetServer)
|
||
|
product as long as your password is 1-14 characters in length.</p>
|
||
|
<p>You cannot
|
||
|
use level 2 if your system communicates with:</p>
|
||
|
<ul><li>Other systems in a network that are running with either a password level
|
||
|
of 0 or 1 or an operating system release earlier than V5R1M0.</li>
|
||
|
<li>Any other system that limits the length of passwords from 1-10 characters.</li>
|
||
|
<li> PCs that are using Client Access V5R1 or earlier. </li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
<li><strong>Long passwords using an unlimited character set. Disable iSeries NetServer on Windows 95/98/ME
|
||
|
clients. (3)</strong> This level supports user profile passwords from 1-128 characters.
|
||
|
Upper and lower case characters are allowed. Passwords can consist of any
|
||
|
characters and the passwords are case sensitive. <p>Before you change the
|
||
|
password level to 3, you should read "Planning Password Level Changes" in
|
||
|
the iSeries Security
|
||
|
Reference book.</p>
|
||
|
<p>Moving from password level 3 back to 0 or 1 is not allowed
|
||
|
without first changing to password level 2. Password level 2 allows for creation
|
||
|
of passwords that can be used at password level 0 or 1 as long as the password
|
||
|
meets the length and syntax rules for password level 0 or 1.</p>
|
||
|
<p>You cannot
|
||
|
use this level 3 if your system communicates with:</p>
|
||
|
<ul><li>Other systems in a network that are running with either a password level
|
||
|
of 0 or 1 or an operating system release earlier than V5R1M0.</li>
|
||
|
<li>Any other system that limits the length of passwords from 1-10 characters.</li>
|
||
|
<li>The iSeries Support
|
||
|
for Windows Network
|
||
|
Neighborhood (iSeries NetServer)
|
||
|
product.</li>
|
||
|
<li> PCs that are using Client Access V5R1 or earlier. </li>
|
||
|
</ul>
|
||
|
<p>The NetServer product
|
||
|
for Windows 95/98/ME
|
||
|
will not connect to a system where the password level is set to 1 or 3. NetServer passwords
|
||
|
are removed from the system at these password levels because of security concerns
|
||
|
with the weak encryption used for NetServer passwords. The passwords
|
||
|
are easy to uncode.</p>
|
||
|
</li>
|
||
|
</ul>
|
||
|
</div>
|
||
|
<div class="section"><h4 class="sectiontitle">Where can I get more information about this system value?</h4><p>To
|
||
|
learn more, go to the password system values overview topic. You can go to
|
||
|
the <a href="rzakzverifypwdlvl.htm">Verify passwords when changing password levels</a> topic
|
||
|
for information about verifying password levels when changing passwords. Or,
|
||
|
if you are looking for a specific system value or category of system values,
|
||
|
try using the system value finder.</p>
|
||
|
</div>
|
||
|
</div>
|
||
|
<div><div class="relconcepts"><strong>Related concepts</strong><br />
|
||
|
<div><a href="rzakzpasswordoverview.htm" title="Use i5/OS password system values to control the password values and password restrictions.">System values: Password overview</a></div>
|
||
|
<div><a href="rzakzlocksecurity.htm" title="Find information about how to lock and unlock system values. Only some system values can be locked. This will provide you with a description of the lock function, what system values can be locked, and how to lock and unlock them.">Lock function of security-related system values</a></div>
|
||
|
</div>
|
||
|
<div class="relinfo"><strong>Related information</strong><br />
|
||
|
<div><a href="../books/sc415302.pdf" target="_blank">iSeries Security Reference</a></div>
|
||
|
<div><a href="rzakzfinder.htm">System value finder</a></div>
|
||
|
</div>
|
||
|
</div>
|
||
|
</body>
|
||
|
</html>
|