62 lines
4.1 KiB
HTML
62 lines
4.1 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<!DOCTYPE html
|
||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
<html lang="en-us" xml:lang="en-us">
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
<meta name="security" content="public" />
|
||
|
<meta name="Robots" content="index,follow" />
|
||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
<meta name="DC.Type" content="concept" />
|
||
|
<meta name="DC.Title" content="Avoid default passwords" />
|
||
|
<meta name="abstract" content="When you create a new user profile, the default is to make the password the same as the user profile name." />
|
||
|
<meta name="description" content="When you create a new user profile, the default is to make the password the same as the user profile name." />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzamvpwdlvl.htm" />
|
||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
|
||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
|
||
|
<meta name="DC.Format" content="XHTML" />
|
||
|
<meta name="DC.Identifier" content="avoidefpwd" />
|
||
|
<meta name="DC.Language" content="en-us" />
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
||
|
<title>Avoid default passwords</title>
|
||
|
</head>
|
||
|
<body id="avoidefpwd"><a name="avoidefpwd"><!-- --></a>
|
||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
||
|
<h1 class="topictitle1">Avoid default passwords</h1>
|
||
|
<div><p>When you create a new user profile, the default is to make the
|
||
|
password the same as the user profile name.</p>
|
||
|
<p>Default passwords provide an opportunity for someone to enter your system,
|
||
|
if someone knows your policy for assigning profile names and knows that a
|
||
|
new person is joining your organization.</p>
|
||
|
<p>When you create new user profiles, consider assigning a unique, non-trivial
|
||
|
password instead of using the default password. Tell the new user the password
|
||
|
confidentially, such as in a “Welcome to the System” letter that outlines
|
||
|
your security policies. Require the user to change the password the first
|
||
|
time that the user signs on by setting the user profile to <span class="cmdname">PWDEXP(*YES)</span>.</p>
|
||
|
<div class="p">You can use the <span class="cmdname">Analyze Default Passwords (ANZDFTPWD)</span> command
|
||
|
to check all the user profiles on your system for default passwords. When
|
||
|
you print the report, you have the option of specifying that the system should
|
||
|
take action (such as disabling the user profile) if the password is the same
|
||
|
as the user profile name. The <span class="cmdname">ANZDFTPWD</span> command prints
|
||
|
a list of the profiles that it found and any action that it took.<div class="note"><span class="notetitle">Note:</span> Passwords
|
||
|
are stored on your system in one-way encrypted form. They cannot be decrypted.
|
||
|
The system encrypts the specified password and compares it to the stored password
|
||
|
just as it would check a password when you sign on to the system.
|
||
|
If you are auditing authority failures (*AUTFAIL), the system will write a
|
||
|
PW audit journal entry for each user profile that does not have a default
|
||
|
password (for systems running V4R1 or earlier releases). Beginning with V4R2,
|
||
|
the system does not write PW audit journal entries when you run the <span class="cmdname">ANZDFTPWD</span> command.</div>
|
||
|
</div>
|
||
|
</div>
|
||
|
<div>
|
||
|
<div class="familylinks">
|
||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvpwdlvl.htm" title="This system value allows you to set a specific password environment where all user profile passwords can have the same length specification.">Password level</a></div>
|
||
|
</div>
|
||
|
</div>
|
||
|
</body>
|
||
|
</html>
|