ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvavoidefpwd.htm

62 lines
4.1 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Avoid default passwords" />
<meta name="abstract" content="When you create a new user profile, the default is to make the password the same as the user profile name." />
<meta name="description" content="When you create a new user profile, the default is to make the password the same as the user profile name." />
<meta name="DC.Relation" scheme="URI" content="rzamvpwdlvl.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="avoidefpwd" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Avoid default passwords</title>
</head>
<body id="avoidefpwd"><a name="avoidefpwd"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Avoid default passwords</h1>
<div><p>When you create a new user profile, the default is to make the
password the same as the user profile name.</p>
<p>Default passwords provide an opportunity for someone to enter your system,
if someone knows your policy for assigning profile names and knows that a
new person is joining your organization.</p>
<p>When you create new user profiles, consider assigning a unique, non-trivial
password instead of using the default password. Tell the new user the password
confidentially, such as in a “Welcome to the System” letter that outlines
your security policies. Require the user to change the password the first
time that the user signs on by setting the user profile to <span class="cmdname">PWDEXP(*YES)</span>.</p>
<div class="p">You can use the <span class="cmdname">Analyze Default Passwords (ANZDFTPWD)</span> command
to check all the user profiles on your system for default passwords. When
you print the report, you have the option of specifying that the system should
take action (such as disabling the user profile) if the password is the same
as the user profile name. The <span class="cmdname">ANZDFTPWD</span> command prints
a list of the profiles that it found and any action that it took.<div class="note"><span class="notetitle">Note:</span> Passwords
are stored on your system in one-way encrypted form. They cannot be decrypted.
The system encrypts the specified password and compares it to the stored password
just as it would check a password when you sign on to the system.
If you are auditing authority failures (*AUTFAIL), the system will write a
PW audit journal entry for each user profile that does not have a default
password (for systems running V4R1 or earlier releases). Beginning with V4R2,
the system does not write PW audit journal entries when you run the <span class="cmdname">ANZDFTPWD</span> command.</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvpwdlvl.htm" title="This system value allows you to set a specific password environment where all user profile passwords can have the same length specification.">Password level</a></div>
</div>
</div>
</body>
</html>