211 lines
12 KiB
HTML
211 lines
12 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
|||
|
<!DOCTYPE html
|
|||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|||
|
<html lang="en-us" xml:lang="en-us">
|
|||
|
<head>
|
|||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|||
|
<meta name="security" content="public" />
|
|||
|
<meta name="Robots" content="index,follow" />
|
|||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|||
|
<meta name="DC.Type" content="concept" />
|
|||
|
<meta name="DC.Title" content="Password level" />
|
|||
|
<meta name="abstract" content="This system value allows you to set a specific password environment where all user profile passwords can have the same length specification." />
|
|||
|
<meta name="description" content="This system value allows you to set a specific password environment where all user profile passwords can have the same length specification." />
|
|||
|
<meta name="DC.Relation" scheme="URI" content="rzamvpwdsysval.htm" />
|
|||
|
<meta name="DC.Relation" scheme="URI" content="rzamvpasswdlvlchg.htm" />
|
|||
|
<meta name="DC.Relation" scheme="URI" content="rzamvchangeknownpwd.htm" />
|
|||
|
<meta name="DC.Relation" scheme="URI" content="rzamvavoidefpwd.htm" />
|
|||
|
<meta name="DC.Relation" scheme="URI" content="rzamvchangelowerpwd.htm" />
|
|||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
|
|||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
|
|||
|
<meta name="DC.Format" content="XHTML" />
|
|||
|
<meta name="DC.Identifier" content="pwdlvl" />
|
|||
|
<meta name="DC.Language" content="en-us" />
|
|||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|||
|
<!-- US Government Users Restricted Rights -->
|
|||
|
<!-- Use, duplication or disclosure restricted by -->
|
|||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
|||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
|||
|
<title>Password level</title>
|
|||
|
</head>
|
|||
|
<body id="pwdlvl"><a name="pwdlvl"><!-- --></a>
|
|||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
|||
|
<h1 class="topictitle1">Password level</h1>
|
|||
|
<div><p>This system value allows you to set a specific password environment
|
|||
|
where all user profile passwords can have the same length specification.</p>
|
|||
|
<p>You can set the password level so that passwords can be shorter, from 1-10
|
|||
|
characters, or longer passwords from 1-128 characters. The password level
|
|||
|
can be set to allow a passphrase as the password value. A passphrase describes
|
|||
|
a password value which can be very long and has few, if any, restrictions
|
|||
|
on the characters used in the password value. You can create passphrase that
|
|||
|
contain blanks between letters, which allows you to have a sentence or sentence
|
|||
|
fragments for password values. The only restrictions on a passphrase are that
|
|||
|
it cannot start with an asterisk (’*’) and trailing blanks will be removed.</p>
|
|||
|
<p>See <a href="#pwdlvl__quickref">Quick reference</a> table
|
|||
|
for an overview of the password level system value.</p>
|
|||
|
<div class="p">
|
|||
|
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 1. Possible values for the use password level system
|
|||
|
value</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e29">iSeries™ Navigator </th>
|
|||
|
<th valign="bottom" id="d0e33">Character-based interface</th>
|
|||
|
<th valign="bottom" id="d0e35">Description </th>
|
|||
|
</tr>
|
|||
|
</thead>
|
|||
|
<tbody><tr><td valign="top" headers="d0e29 ">Short passwords using a limited character set. (0)</td>
|
|||
|
<td valign="top" headers="d0e33 ">0</td>
|
|||
|
<td valign="top" headers="d0e35 ">Password level 0 supports passwords that contain 1-10
|
|||
|
alphanumeric characters as well as, $, @, #, and _. Use password level 0 if
|
|||
|
your system communicates with other servers in a network and those servers
|
|||
|
either use password level 0 passwords or run on pre-V5R1 versions of the operating
|
|||
|
system. </td>
|
|||
|
</tr>
|
|||
|
<tr><td valign="top" headers="d0e29 ">Short passwords using a limited character set. Disable NetServer™ passwords
|
|||
|
for Windows<sup>®</sup> 95/98/ME
|
|||
|
clients. (1)</td>
|
|||
|
<td valign="top" headers="d0e33 ">1</td>
|
|||
|
<td valign="top" headers="d0e35 ">Password level 1 supports the same character set as
|
|||
|
password level 0, but provides improved security because it removes all NetServer<sup>1</sup> passwords
|
|||
|
from the system. If you require iSeries NetServer, set your password level
|
|||
|
to 0 or 2 instead. </td>
|
|||
|
</tr>
|
|||
|
<tr><td valign="top" headers="d0e29 ">Long passwords using an unlimited character set. (2)</td>
|
|||
|
<td valign="top" headers="d0e33 "> 2</td>
|
|||
|
<td valign="top" headers="d0e35 ">Password level 2 supports passwords that contain 1-128
|
|||
|
characters, and are case sensitive. You can use password level 2 if your system
|
|||
|
communicates with iSeries NetServer and all user passwords are
|
|||
|
1-14 characters long. However, do not use password level 2 if your system
|
|||
|
communicates with other systems that use password level 0 or 1 passwords or
|
|||
|
run on pre-V5R1 versions of the operating system.</td>
|
|||
|
</tr>
|
|||
|
<tr><td valign="top" headers="d0e29 ">Long passwords using an unlimited character set. Disable iSeries NetServer passwords
|
|||
|
for Windows 95/98/ME
|
|||
|
clients. (3)</td>
|
|||
|
<td valign="top" headers="d0e33 ">3</td>
|
|||
|
<td valign="top" headers="d0e35 ">Password level 3 supports passwords that contain 1-128
|
|||
|
characters, and are case sensitive. You cannot use this level when your system
|
|||
|
communicates with: <ul><li>Other systems in a network and those systems are running with either a
|
|||
|
password level of 0 or 1 </li>
|
|||
|
<li>systems that are running an operating system release less than V5R1M0
|
|||
|
of OS/400<sup>®</sup>. </li>
|
|||
|
<li>Any other system that limits the length of passwords from 1-10 characters. </li>
|
|||
|
<li>The iSeries Support
|
|||
|
for Windows Network
|
|||
|
Neighborhood (iSeries NetServer)<sup> 1</sup> product. </li>
|
|||
|
<li>PCs that are using versions of iSeries Access that are V5R1 or earlier
|
|||
|
of OS/400.</li>
|
|||
|
</ul>
|
|||
|
</td>
|
|||
|
</tr>
|
|||
|
<tr><td colspan="3" valign="top" headers="d0e29 d0e33 d0e35 "><ol><li>The NetServer product
|
|||
|
for Windows 95/98/ME
|
|||
|
will not connect to the system when the password level is set to 1 or 3. NetServer passwords
|
|||
|
are removed from the system at these password levels because of security concerns
|
|||
|
with the weak encryption used for NetServer passwords. The passwords
|
|||
|
are easy to decode.</li>
|
|||
|
</ol>
|
|||
|
</td>
|
|||
|
</tr>
|
|||
|
</tbody>
|
|||
|
</table>
|
|||
|
</div>
|
|||
|
</div>
|
|||
|
<p><strong>Relationship to security policy</strong></p>
|
|||
|
<p>These options provide flexibility in password security based on your security
|
|||
|
environment. Shorter passwords provide users with easier password management,
|
|||
|
since there is less chance for misspelling or forgetting password sequences;
|
|||
|
however, shorter passwords with specific password rules can be guessed by
|
|||
|
a potential hacker. A longer more involved passwords or passphrases are harder
|
|||
|
to guess, but can frustrate users and make password management more difficult.
|
|||
|
For strict security environments you may want to provide passwords that are
|
|||
|
longer, but provide suggestions for aiding users to remember these passwords.
|
|||
|
Suggest that users create passphrases that are based on something personal
|
|||
|
that they can remember easily. </p>
|
|||
|
<p>For security environments that have less strict requirements, you can choose
|
|||
|
a password level that allows for shorter passwords and provide specific rules
|
|||
|
of password conduct. Whatever password level you choose, provide examples
|
|||
|
of valid password values and suggestions for formulating original passwords
|
|||
|
and passphrases. Stress that the passwords provided in your security policy
|
|||
|
are merely examples and should never be used for actual password values.</p>
|
|||
|
<div class="p">
|
|||
|
<div class="tablenoborder"><a name="pwdlvl__quickref"><!-- --></a><table cellpadding="4" cellspacing="0" summary="" id="pwdlvl__quickref" frame="border" border="1" rules="all"><caption>Table 2. Quick Reference. Provides details
|
|||
|
for the password level system value.</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e170">iSeries Navigator name</th>
|
|||
|
<th valign="bottom" id="d0e174">Password level (at next restart)</th>
|
|||
|
</tr>
|
|||
|
</thead>
|
|||
|
<tbody><tr><td valign="top" headers="d0e170 ">Character-based interface name</td>
|
|||
|
<td valign="top" headers="d0e174 ">QPWDLVL</td>
|
|||
|
</tr>
|
|||
|
<tr><td valign="top" headers="d0e170 ">Authority</td>
|
|||
|
<td valign="top" headers="d0e174 "><p>All object access (*ALLOBJ)<br />
|
|||
|
Security administrator (*SECADM)</p>
|
|||
|
<div class="note"><span class="notetitle">Note:</span> The Security Officer (QSECOFR) user profile is shipped with
|
|||
|
these authorities. </div>
|
|||
|
</td>
|
|||
|
</tr>
|
|||
|
<tr><td valign="top" headers="d0e170 ">How to access</td>
|
|||
|
<td valign="top" headers="d0e174 "><div class="p"><strong>iSeries Navigator</strong><ol><li>Expand <span class="menucascade"><span class="uicontrol">Security</span> > <span class="uicontrol">Policies</span></span>.</li>
|
|||
|
<li>Right click <strong>Password Policy</strong> and select <strong>Properties</strong>.</li>
|
|||
|
<li>On the <strong>General</strong> page, you will find the options for password level.</li>
|
|||
|
</ol>
|
|||
|
</div>
|
|||
|
<div class="p"><strong>Character-based interface</strong><ol><li>In the character-based interface, type <samp class="codeph">WRKSYSVAL QPWDLVL</samp>.</li>
|
|||
|
</ol>
|
|||
|
</div>
|
|||
|
</td>
|
|||
|
</tr>
|
|||
|
<tr><td valign="top" headers="d0e170 ">Changes take effect</td>
|
|||
|
<td valign="top" headers="d0e174 ">At next restart</td>
|
|||
|
</tr>
|
|||
|
<tr><td valign="top" headers="d0e170 ">Default value</td>
|
|||
|
<td valign="top" headers="d0e174 ">Short passwords using a limited character set (0)</td>
|
|||
|
</tr>
|
|||
|
<tr><td valign="top" headers="d0e170 ">Recommended value</td>
|
|||
|
<td valign="top" headers="d0e174 ">See Special Considerations</td>
|
|||
|
</tr>
|
|||
|
<tr><td valign="top" headers="d0e170 "><a href="rzamvlockdown.htm">Lockable</a></td>
|
|||
|
<td valign="top" headers="d0e174 ">Yes</td>
|
|||
|
</tr>
|
|||
|
<tr><td valign="top" headers="d0e170 ">Special considerations </td>
|
|||
|
<td valign="top" headers="d0e174 "><p><strong>Changing password levels</strong></p>
|
|||
|
<p>You cannot
|
|||
|
change password level 3 to 0 or 1. Since all passwords used at password level
|
|||
|
0 or 1 are removed from the system when you change to the password level 3,
|
|||
|
you must first change the password level from 3 to 2 and then to 1 or 0. </p>
|
|||
|
<p>At
|
|||
|
password level 2, you must change all user profile passwords to comply with
|
|||
|
the character length specified for password level 0 or 1 (10 or less characters)
|
|||
|
prior to changing to password level 1 or 0. Otherwise, users will not be able
|
|||
|
to sign on to your system. </p>
|
|||
|
<p>After changing these passwords you can verify
|
|||
|
that user profiles to ensure their password comply with the password level
|
|||
|
to which you are changing. See the online help for Password level for instructions. </p>
|
|||
|
<p>For
|
|||
|
detailed considerations and for changing password level, see the section about
|
|||
|
planning password level changes in <a href="../books/sc415302.pdf" target="_blank">Security Reference</a>. </p>
|
|||
|
</td>
|
|||
|
</tr>
|
|||
|
</tbody>
|
|||
|
</table>
|
|||
|
</div>
|
|||
|
</div>
|
|||
|
<p>For more in-depth information about this security value, see Chapter 3,
|
|||
|
"Security System Values" in <a href="../books/sc415302.pdf" target="_blank">Security Reference</a>. </p>
|
|||
|
</div>
|
|||
|
<div>
|
|||
|
<ul class="ullinks">
|
|||
|
<li class="ulchildlink"><strong><a href="rzamvpasswdlvlchg.htm">Plan password level changes</a></strong><br />
|
|||
|
Operations with other systems may fail or users may not be able to sign on to the system if you haven’t planned for the password level change adequately.</li>
|
|||
|
<li class="ulchildlink"><strong><a href="rzamvchangeknownpwd.htm">Change known passwords</a></strong><br />
|
|||
|
Do the following to close some well-known entrances into the server that may exist on your system.</li>
|
|||
|
<li class="ulchildlink"><strong><a href="rzamvavoidefpwd.htm">Avoid default passwords</a></strong><br />
|
|||
|
When you create a new user profile, the default is to make the password the same as the user profile name.</li>
|
|||
|
<li class="ulchildlink"><strong><a href="rzamvchangelowerpwd.htm">Change to a lower password level</a></strong><br />
|
|||
|
There are considerations for you to make before you change to a lower password level.</li>
|
|||
|
</ul>
|
|||
|
|
|||
|
<div class="familylinks">
|
|||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvpwdsysval.htm" title="In addition to setting signon system values, you also need to decide rules regarding users passwords">Password system values</a></div>
|
|||
|
</div>
|
|||
|
</div>
|
|||
|
</body>
|
|||
|
</html>
|