127 lines
6.3 KiB
HTML
127 lines
6.3 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<!DOCTYPE html
|
||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
<html lang="en-us" xml:lang="en-us">
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
<meta name="security" content="public" />
|
||
|
<meta name="Robots" content="index,follow" />
|
||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
<meta name="DC.Type" content="task" />
|
||
|
<meta name="DC.Title" content="Set password rules" />
|
||
|
<meta name="abstract" content="Follow these steps to secure your system signon." />
|
||
|
<meta name="description" content="Follow these steps to secure your system signon." />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzamvpwdsysval.htm" />
|
||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
|
||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
|
||
|
<meta name="DC.Format" content="XHTML" />
|
||
|
<meta name="DC.Identifier" content="passwdrule" />
|
||
|
<meta name="DC.Language" content="en-us" />
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
||
|
<title>Set password rules</title>
|
||
|
</head>
|
||
|
<body id="passwdrule"><a name="passwdrule"><!-- --></a>
|
||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
||
|
<h1 class="topictitle1">Set password rules</h1>
|
||
|
<div><p>Follow these steps to secure your system signon.</p>
|
||
|
<div class="p">You need to do this first.</div>
|
||
|
<div class="section"><ul><li>Set a policy that states that passwords must not be trivial and must not
|
||
|
be shared.</li>
|
||
|
<li>Set system values to help you with enforcement. Table 1 shows recommended
|
||
|
system value settings.</li>
|
||
|
</ul>
|
||
|
<p>The combination of values in table is fairly restrictive
|
||
|
and is intended to significantly reduce the likelihood of trivial passwords.
|
||
|
However, your users may find it difficult and frustrating to select a password
|
||
|
that meets these restrictions.</p>
|
||
|
<div class="p">Consider providing users with the following:<ol><li>A list of the criteria for passwords.</li>
|
||
|
<li>Examples of passwords that are and are not valid.</li>
|
||
|
<li>Suggestions for how to think of a good password.</li>
|
||
|
</ol>
|
||
|
Use the Print System Security Attributes (PRTSYSSECA) command to print
|
||
|
your current settings for these system values.</div>
|
||
|
|
||
|
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 1. System values
|
||
|
for passwords</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e41">System value name</th>
|
||
|
<th valign="bottom" id="d0e43">Description</th>
|
||
|
<th valign="bottom" id="d0e45">Recommended value</th>
|
||
|
</tr>
|
||
|
</thead>
|
||
|
<tbody><tr><td valign="top" headers="d0e41 ">QPWDEXPITV</td>
|
||
|
<td valign="top" headers="d0e43 ">How often the system users must change their passwords.
|
||
|
You can specify a different value for individual users in the user profile.</td>
|
||
|
<td valign="top" headers="d0e45 ">60 (days)</td>
|
||
|
</tr>
|
||
|
<tr><td valign="top" headers="d0e41 ">QPWDLMTAJC</td>
|
||
|
<td valign="top" headers="d0e43 ">Whether the system prevents adjacent characters that
|
||
|
are the same.</td>
|
||
|
<td valign="top" headers="d0e45 ">1 (yes)</td>
|
||
|
</tr>
|
||
|
<tr><td valign="top" headers="d0e41 ">QPWDLMTCHR</td>
|
||
|
<td valign="top" headers="d0e43 ">What characters may not be used in passwords.</td>
|
||
|
<td valign="top" headers="d0e45 ">AEIOU#$@</td>
|
||
|
</tr>
|
||
|
<tr><td valign="top" headers="d0e41 ">QPWDLMTREP</td>
|
||
|
<td valign="top" headers="d0e43 ">Whether the system prevents the same character from
|
||
|
appearing more than once in the password.</td>
|
||
|
<td valign="top" headers="d0e45 ">2 (not allowed consecutively)</td>
|
||
|
</tr>
|
||
|
<tr><td valign="top" headers="d0e41 ">QPWDLVL</td>
|
||
|
<td valign="top" headers="d0e43 ">Whether user profile passwords are limited to 10 characters
|
||
|
or a maximum of 128.</td>
|
||
|
<td valign="top" headers="d0e45 ">0<sup>2</sup></td>
|
||
|
</tr>
|
||
|
<tr><td valign="top" headers="d0e41 ">QPWDMAXLEN</td>
|
||
|
<td valign="top" headers="d0e43 ">The maximum number of characters in a password.</td>
|
||
|
<td valign="top" headers="d0e45 ">8</td>
|
||
|
</tr>
|
||
|
<tr><td valign="top" headers="d0e41 ">QPWDMINLEN</td>
|
||
|
<td valign="top" headers="d0e43 ">The minimum number of characters in a password.</td>
|
||
|
<td valign="top" headers="d0e45 ">6</td>
|
||
|
</tr>
|
||
|
<tr><td valign="top" headers="d0e41 ">QPWDPOSDIF</td>
|
||
|
<td valign="top" headers="d0e43 ">Whether each character in a password must be different
|
||
|
from the character in the same position on the previous password.</td>
|
||
|
<td valign="top" headers="d0e45 ">1 (yes)</td>
|
||
|
</tr>
|
||
|
<tr><td valign="top" headers="d0e41 ">QPWDRQDDGT</td>
|
||
|
<td valign="top" headers="d0e43 ">Whether the password must have at least one numeric
|
||
|
character.</td>
|
||
|
<td valign="top" headers="d0e45 ">1 (yes)</td>
|
||
|
</tr>
|
||
|
<tr><td valign="top" headers="d0e41 ">QPWDRQDDIF</td>
|
||
|
<td valign="top" headers="d0e43 ">How long a user must wait before using the same password
|
||
|
again.</td>
|
||
|
<td valign="top" headers="d0e45 ">5 or less (expiration intervals)<sup>1</sup></td>
|
||
|
</tr>
|
||
|
<tr><td valign="top" headers="d0e41 ">QPWDVLDPGM</td>
|
||
|
<td valign="top" headers="d0e43 ">What exit program is called to validate a newly assigned
|
||
|
password.</td>
|
||
|
<td valign="top" headers="d0e45 ">*NONE</td>
|
||
|
</tr>
|
||
|
<tr><td colspan="3" valign="top" headers="d0e41 d0e43 d0e45 "><div class="note"><span class="notetitle">Note:</span> <ol><li>The QPWDEXPITV system value specifies how often you must change your password,
|
||
|
such as every 60 days. This is the expiration interval. The QPWDRQDDIF system
|
||
|
value specifies the number of time a user must change their password before
|
||
|
then can use their original password again.</li>
|
||
|
<li>QPWDLMTCHR is not enforced at password levels 2 or 3.</li>
|
||
|
</ol>
|
||
|
</div>
|
||
|
</td>
|
||
|
</tr>
|
||
|
</tbody>
|
||
|
</table>
|
||
|
</div>
|
||
|
</div>
|
||
|
</div>
|
||
|
<div>
|
||
|
<div class="familylinks">
|
||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvpwdsysval.htm" title="In addition to setting signon system values, you also need to decide rules regarding users passwords">Password system values</a></div>
|
||
|
</div>
|
||
|
</div>
|
||
|
</body>
|
||
|
</html>
|