Learn about the system values that are important in client/server
environments.
A system value contains control information that operates certain parts
of the system. A user can change the system values to define the work environment.
Examples of system values are system date and library list.
The iSeries™ server
has many system values. The following values are of particular interest in
a client/server environment.
- QAUDCTL
- Audit control. This system value contains the on and off switches for
object and user level auditing. Changes that are made to this system value
take effect immediately.
- QAUDENDACN
- Audit journal error action. This system value specifies the action the
system takes if errors occur when an audit journal entry is being sent by
the operating system security audit journal. Changes that are made to this
system value take effect immediately.
- QAUDFRCLVL
- Force audit journal. This system value specifies the number of audit journal
entries that can be written to the security auditing journal before the journal
entry data is forced to auxiliary storage. Changes that are made to this system
value take effect immediately.
- QAUDLVL
- Security auditing level. Changes made to this system value take effect
immediately for all jobs running on the system.
- QAUTOVRT
- Determines whether the system should automatically create virtual devices.
This is used with display station pass-through and Telnet sessions.
- QCCSID
- The coded character set identifier, which identifies:
- A specific set of encoding scheme identifiers
- Character set identifiers
- Code page identifiers
- Additional coding-related information that uniquely identifies the coded
graphic character representation needed by the system
This value is based on the language that is installed on the system.
It determines whether data must be converted to a different format before
being presented to the user. The default value is 65535, which means this
data is not converted.
- QCTLSBSD
- The controlling subsystem description
- QDSPSGNINF
- Determines whether the sign-on information display shows after sign-on
by using the 5250 emulation functions (workstation function, PC5250).
- QLANGID
- The default language identifier for the system. It determines the default
CCSID for a user's job if the job CCSID is 65535. The clients and servers
use this default job CCSID value to determine the correct conversion for data
that is exchanged between the client and the server.
- QLMTSECOFR
- Controls whether a user with all-object (*ALLOBJ) or service (*SERVICE)
special authority can use any device. If this value is set to 1, all users
with *ALLOBJ or *SERVICE special authorities must have specific *CHANGE authority
to use the device.
This affects virtual devices for 5250 emulation. The
shipped value for this is 1. If you want authorized users to sign-on to PCs,
you must either give them specific authority to the device and controller
that the PC uses or change this value to 0.
- QMAXSIGN
- Controls the number of consecutive incorrect sign-on attempts by local
and remote users. Once the QMAXSIGN value is reached, the system determines
the action with the QMAXSGNACN system value.
If the QMAXSGNACN value is
1 (vary off device), the QMAXSIGN value does not affect a user who enters
an incorrect password on the PC when they are starting the connection.
This
is a potential security exposure for PC users. The QMAXSGNACN should be set
to either 2 or 3.
- QMAXSGNACN
- Determines what the system does when the maximum number of sign-on attempts
is reached at any device. You can specify 1 (vary off device), 2 (disable
the user profile) or 3 (vary off device and disable the user profile). The
shipped value is 3.
- QPWDEXPITV
- The number of days for which a password is valid. Changes that are made
to this system value take effect immediately.
- QPWDLMTAJC
- Limits the use of adjacent numbers in a password. Changes that are made
to this system value take effect the next time a password is changed.
- QPWDLMTCHR
- Limits the use of certain characters in a password. Changes that are made
to this system value take effect the next time a password is changed.
- QPWDLMTREP
- Limits the use of repeating characters in a password. Changes that are
made to this system value take effect the next time a password is changed.
- QPWDLVL
- Determines the level of password support for the system, which includes
the password length that the iSeries server will support, the type of encryption
used for passwords, and whether iSeries NetServer™ passwords for the Windows® clients
will be removed from the system. Changes that are made to this system value
take effect on the next IPL.
Attention: If you set this value to
support long passwords, you must upgrade all client PCs for long password
support (Express V5R1) before setting this value. Otherwise, all pre-V5R1
clients will be unable to log onto the iSeries server.
- QPWDMAXLEN
- The maximum number of characters in a password. Changes that are made
to this system value take effect the next time a password is changed.
- QPWDMINLEN
- The minimum number of characters in a password. Changes that are made
to this system value take effect the next time a password is changed.
- QPWDPOSDIF
- Controls the position of characters in a new password. Changes that are
made to this system value take effect the next time a password is changed.
- QPWDRQDDGT
- Requires a number in a new password. Changes that are made to this system
value take effect the next time a password is changed.
- QPWDRQDDIF
- Controls whether the password must be different than previous passwords.
- QPWDVLDPGM
- Password validation program name and library that are supplied by the
computer system. Both an object name and library name can be specified. Changes
that are made to this system value take effect the next time a password is
changed.
- QRMTSIGN
- Specifies how the system handles remote sign-on requests. A TELNET session
is actually a remote sign-on request. This value determines several actions,
as follows:
- '*FRCSIGNON': All remote sign-on sessions are required to go through normal
sign-on processing.
- '*SAMEPRF': For 5250 display station pass-through or workstation function,
when the source and target user profile names are the same, the sign-on may
be bypassed for remote sign-on attempts. When using TELNET, the sign-on may
be bypassed.
- '*VERIFY': After verifying that the user has access to the system, the
system allows the user to bypass the sign-on.
- '*REJECT': Allows no remote sign-on for 5250 display station pass-through
or work station function. When QRMTSIGN is set to *REJECT, the user can still
sign-on to the system by using TELNET. These sessions will go through normal
processing. If you want to reject all TELNET requests to the system, end the
TELNET servers.
- ' program library': The user can specify a program
and library (or *LIBL) to decide which remote sessions are allowed and which
user profiles can be automatically signed on from which locations. This option
is only valid for passthrough.
This value also specifies a program name to run that determines which
remote sessions are to be allowed.
The shipped value is *FRCSIGNON.
If you want users to be able to use the bypass sign-on function of the 5250
emulator, change this value to *VERIFY.
- QSECURITY
- System security level. Changes that are made to this system value take
effect at the next IPL.
- 20 means that the system requires a password to sign-on.
- 30 means that the system requires password security at sign-on and object
security at each access. You must have authority to access all system resources.
- 40 means that the system requires password security at sign-on and object
security at each access. Programs that try to access objects through unsupported
interfaces fail.
- 50 means that the system requires password security at sign-on, and users
must have authority to access objects and system resources. The security and
integrity of the QTEMP library and user domain objects are enforced. Programs
that try to access objects through interfaces that are not supported or that
try to pass unsupported parameter values to supported interfaces will fail.
- QSTRUPPGM
- The program that runs when the controlling subsystem starts or when the
system starts. This program performs set up functions such as starting subsystems.
- QSYSLIBL
- The system part of the library list. This part of the library list is
searched before any other part. Some client functions use this list to search
for objects.