ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvpasswdrule.htm

127 lines
6.3 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Set password rules" />
<meta name="abstract" content="Follow these steps to secure your system signon." />
<meta name="description" content="Follow these steps to secure your system signon." />
<meta name="DC.Relation" scheme="URI" content="rzamvpwdsysval.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="passwdrule" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Set password rules</title>
</head>
<body id="passwdrule"><a name="passwdrule"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Set password rules</h1>
<div><p>Follow these steps to secure your system signon.</p>
<div class="p">You need to do this first.</div>
<div class="section"><ul><li>Set a policy that states that passwords must not be trivial and must not
be shared.</li>
<li>Set system values to help you with enforcement. Table 1 shows recommended
system value settings.</li>
</ul>
<p>The combination of values in table is fairly restrictive
and is intended to significantly reduce the likelihood of trivial passwords.
However, your users may find it difficult and frustrating to select a password
that meets these restrictions.</p>
<div class="p">Consider providing users with the following:<ol><li>A list of the criteria for passwords.</li>
<li>Examples of passwords that are and are not valid.</li>
<li>Suggestions for how to think of a good password.</li>
</ol>
Use the Print System Security Attributes (PRTSYSSECA) command to print
your current settings for these system values.</div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 1. System values
for passwords</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e41">System value name</th>
<th valign="bottom" id="d0e43">Description</th>
<th valign="bottom" id="d0e45">Recommended value</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e41 ">QPWDEXPITV</td>
<td valign="top" headers="d0e43 ">How often the system users must change their passwords.
You can specify a different value for individual users in the user profile.</td>
<td valign="top" headers="d0e45 ">60 (days)</td>
</tr>
<tr><td valign="top" headers="d0e41 ">QPWDLMTAJC</td>
<td valign="top" headers="d0e43 ">Whether the system prevents adjacent characters that
are the same.</td>
<td valign="top" headers="d0e45 ">1 (yes)</td>
</tr>
<tr><td valign="top" headers="d0e41 ">QPWDLMTCHR</td>
<td valign="top" headers="d0e43 ">What characters may not be used in passwords.</td>
<td valign="top" headers="d0e45 ">AEIOU#$@</td>
</tr>
<tr><td valign="top" headers="d0e41 ">QPWDLMTREP</td>
<td valign="top" headers="d0e43 ">Whether the system prevents the same character from
appearing more than once in the password.</td>
<td valign="top" headers="d0e45 ">2 (not allowed consecutively)</td>
</tr>
<tr><td valign="top" headers="d0e41 ">QPWDLVL</td>
<td valign="top" headers="d0e43 ">Whether user profile passwords are limited to 10 characters
or a maximum of 128.</td>
<td valign="top" headers="d0e45 ">0<sup>2</sup></td>
</tr>
<tr><td valign="top" headers="d0e41 ">QPWDMAXLEN</td>
<td valign="top" headers="d0e43 ">The maximum number of characters in a password.</td>
<td valign="top" headers="d0e45 ">8</td>
</tr>
<tr><td valign="top" headers="d0e41 ">QPWDMINLEN</td>
<td valign="top" headers="d0e43 ">The minimum number of characters in a password.</td>
<td valign="top" headers="d0e45 ">6</td>
</tr>
<tr><td valign="top" headers="d0e41 ">QPWDPOSDIF</td>
<td valign="top" headers="d0e43 ">Whether each character in a password must be different
from the character in the same position on the previous password.</td>
<td valign="top" headers="d0e45 ">1 (yes)</td>
</tr>
<tr><td valign="top" headers="d0e41 ">QPWDRQDDGT</td>
<td valign="top" headers="d0e43 ">Whether the password must have at least one numeric
character.</td>
<td valign="top" headers="d0e45 ">1 (yes)</td>
</tr>
<tr><td valign="top" headers="d0e41 ">QPWDRQDDIF</td>
<td valign="top" headers="d0e43 ">How long a user must wait before using the same password
again.</td>
<td valign="top" headers="d0e45 ">5 or less (expiration intervals)<sup>1</sup></td>
</tr>
<tr><td valign="top" headers="d0e41 ">QPWDVLDPGM</td>
<td valign="top" headers="d0e43 ">What exit program is called to validate a newly assigned
password.</td>
<td valign="top" headers="d0e45 ">*NONE</td>
</tr>
<tr><td colspan="3" valign="top" headers="d0e41 d0e43 d0e45 "><div class="note"><span class="notetitle">Note:</span> <ol><li>The QPWDEXPITV system value specifies how often you must change your password,
such as every 60 days. This is the expiration interval. The QPWDRQDDIF system
value specifies the number of time a user must change their password before
then can use their original password again.</li>
<li>QPWDLMTCHR is not enforced at password levels 2 or 3.</li>
</ol>
</div>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvpwdsysval.htm" title="In addition to setting signon system values, you also need to decide rules regarding users passwords">Password system values</a></div>
</div>
</div>
</body>
</html>