105 lines
6.8 KiB
HTML
105 lines
6.8 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
|||
|
<!DOCTYPE html
|
|||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|||
|
<html lang="en-us" xml:lang="en-us">
|
|||
|
<head>
|
|||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|||
|
<meta name="security" content="public" />
|
|||
|
<meta name="Robots" content="index,follow" />
|
|||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|||
|
<meta name="DC.Type" content="concept" />
|
|||
|
<meta name="DC.Title" content="Change to a lower password level" />
|
|||
|
<meta name="abstract" content="There are considerations for you to make before you change to a lower password level." />
|
|||
|
<meta name="description" content="There are considerations for you to make before you change to a lower password level." />
|
|||
|
<meta name="DC.Relation" scheme="URI" content="rzamvpwdlvl.htm" />
|
|||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
|
|||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
|
|||
|
<meta name="DC.Format" content="XHTML" />
|
|||
|
<meta name="DC.Identifier" content="changelowerpwd" />
|
|||
|
<meta name="DC.Language" content="en-us" />
|
|||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|||
|
<!-- US Government Users Restricted Rights -->
|
|||
|
<!-- Use, duplication or disclosure restricted by -->
|
|||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
|||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
|||
|
<title>Change to a lower password level</title>
|
|||
|
</head>
|
|||
|
<body id="changelowerpwd"><a name="changelowerpwd"><!-- --></a>
|
|||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
|||
|
<h1 class="topictitle1">Change to a lower password level</h1>
|
|||
|
<div><p>There are considerations for you to make before you change to a
|
|||
|
lower password level.</p>
|
|||
|
<p>Returning to a lower QPWDLVL value, while possible, is not going to be
|
|||
|
a completely painless operation. In general, the mind set should be that changing
|
|||
|
from lower QPWDLVL values to higher QPWDLVL values is a one-way trip. However,
|
|||
|
there may be cases where a lower QPWDLVL value must be reinstated.</p>
|
|||
|
<p>The following sections each discuss the work required to move back to a
|
|||
|
lower password level. </p>
|
|||
|
<div class="section"><h4 class="sectiontitle">Considerations for changing from QPWDLVL 3 to 2</h4><p> This
|
|||
|
change is relatively easy. Once the QPWDLVL is set to 2, the administrator
|
|||
|
needs to determine if any user profile is required to contain iSeries™ NetServer™ passwords
|
|||
|
or password level 0 or 1 passwords and, if so, change the password of the
|
|||
|
user profile to an allowable value.</p>
|
|||
|
<p>Additionally, the password system
|
|||
|
values may have to be changed back to values compatible with iSeries NetServer and
|
|||
|
password level 0 or 1 passwords, if those passwords are needed.</p>
|
|||
|
</div>
|
|||
|
<div class="section"><h4 class="sectiontitle">Considerations for changing from QPWDLVL 3 to 1 or 0</h4><p>Because
|
|||
|
of the very high potential for causing problems for the system, such as no
|
|||
|
one can being able to sign on because all of the password level 0 and 1 passwords
|
|||
|
have been cleared, this change is not supported directly. To change from QPWDLVL
|
|||
|
3 to QPWDLVL 1 or 0, the system must first make the intermediary change to
|
|||
|
QPWDLVL 2.</p>
|
|||
|
</div>
|
|||
|
<div class="section"><h4 class="sectiontitle">Considerations for changing from QPWDLVL 2 to 1</h4><div class="p">Prior
|
|||
|
to changing QPWDLVL to 1, the administrator should use the DSPAUTUSR or PRTUSRPRF
|
|||
|
TYPE(*PWDINFO) commands to locate any user profiles that do not have a password
|
|||
|
level 0 or 1 password. If the user profile will require a password after the
|
|||
|
QPWDLVL is changed, the administrator should ensure that a password level
|
|||
|
0 and 1 password is created for the profile using one of the following mechanisms:<ul><li>Change the password for the user profile using the <span class="cmdname">CHGUSRPRF</span> or <span class="cmdname">CHGPWD
|
|||
|
CL</span> command or the <span class="cmdname">QSYCHGPW</span> API. This will cause
|
|||
|
the system to change the password that is usable at password levels 2 and
|
|||
|
3; and the system also creates an equivalent uppercase password that is usable
|
|||
|
at password levels 0 and 1. The system is only able to create the password
|
|||
|
level 0 and 1 password if the following conditions are met:<ul><li>The password is 10 characters or less in length.</li>
|
|||
|
<li>The password can be converted to uppercase EBCDIC characters A-Z, 0-9,
|
|||
|
@, #, $, and underscore.</li>
|
|||
|
<li>The password does not begin with a numeric or underscore character.</li>
|
|||
|
</ul>
|
|||
|
For example, changing the password to a value of RainyDay would result
|
|||
|
in the system generating a password level 0 and 1 password of RAINYDAY. But
|
|||
|
changing the the password value to Rainy Days In April would cause the system
|
|||
|
to clear the password level 0 and 1 password, as the password is too long
|
|||
|
and it contains blanks. No message or indication is produced if the password
|
|||
|
level 0 or 1 password could not be created.</li>
|
|||
|
<li>Sign on to the system through a mechanism that presents the password in
|
|||
|
clear text (does not use password substitution). If the password
|
|||
|
is valid and the user profile does not have a password that is usable at password
|
|||
|
levels 0 and 1, the system creates an equivalent uppercase password that is
|
|||
|
usable at password levels 0 and 1. The system is only able to create the password
|
|||
|
level 0 and 1 password if the conditions listed above are met.</li>
|
|||
|
</ul>
|
|||
|
The administrator can then change QPWDLVL to 1. All iSeries NetServer passwords
|
|||
|
are cleared when the change to QPWDLVL 1 takes effect (next IPL). </div>
|
|||
|
</div>
|
|||
|
<div class="section"><h4 class="sectiontitle">Considerations for changing from QPWDLVL 2 to 0</h4><p>The
|
|||
|
considerations are the same as for changing from QPWDLVL 2 to 1 except that
|
|||
|
all iSeries NetServer passwords
|
|||
|
are retained when the change takes effect. </p>
|
|||
|
</div>
|
|||
|
<div class="section"><h4 class="sectiontitle">Considerations for changing from QPWDLVL 1 to 0</h4><p>After
|
|||
|
changing QPWDLVL to 0, the administrator should use the DSPAUTUSR or PRTUSRPRF
|
|||
|
commands to locate any user profiles that do not have an iSeries NetServer password.
|
|||
|
If the user profile requires an iSeries NetServer password, it can be created
|
|||
|
by changing the user’s password or signing on through a mechanism that presents
|
|||
|
the password in clear text. The administrator can then change QPWDLVL to 0.</p>
|
|||
|
</div>
|
|||
|
</div>
|
|||
|
<div>
|
|||
|
<div class="familylinks">
|
|||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvpwdlvl.htm" title="This system value allows you to set a specific password environment where all user profile passwords can have the same length specification.">Password level</a></div>
|
|||
|
</div>
|
|||
|
</div>
|
|||
|
</body>
|
|||
|
</html>
|