Store password information

To support some network functions and communications requirements, iSeries™ servers provide a secure method for storing passwords that can be decrypted. Your system uses these passwords, for example, to establish a SLIP connection with another system.

Systems store these special passwords in a secure area that is not accessible to any user programs or interfaces. Only explicitly authorized system functions can set these passwords and retrieve them.

For example, when you use a stored password for dial-out SLIP connections, you set the password with the system command that creates the configuration profile (WRKTCPPTP). You must have *IOSYSCFG special authority to use the command. A specially coded connection script retrieves the password and decrypts it during the dial-out procedure. The decrypted password is not visible to the user or in any job log.

As a security administrator, you need to decide whether to allow passwords that can be decrypted to be stored on your system. You use the Retain Server Security Data (QRETSVRSEC) system value to specify this. The default is 0 (No). Therefore, your system will not store passwords that can be decrypted unless you explicitly change this system value.

If you have network or communications requirements for stored passwords, you should set appropriate policies and understand the policies and practices of your communications partners. For example, when you use SLIP to communicate with another iSeries server, the administrators of both systems should consider setting up special user profiles for establishing the sessions. The special profiles should have limited authority on the system. This limits the impact to your system if a stored password is compromised on a partner system.
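
The following CL commands are an added example, not part of the original IBM topic. They show one way to review the QRETSVRSEC setting and to create a limited-authority profile for a partner's SLIP sessions. The profile name SLIPPTNR, the password placeholder, and the text description are assumptions made for illustration.

```cl
/* 1. Review the current setting. 0 (No) is the default and means   */
/*    that passwords that can be decrypted are not stored.          */
DSPSYSVAL SYSVAL(QRETSVRSEC)

/* 2. Only if your policy accepts stored passwords (for example,    */
/*    for dial-out SLIP), allow the system to retain them.          */
CHGSYSVAL SYSVAL(QRETSVRSEC) VALUE('1')

/* 3. Create a special profile that the partner system uses to      */
/*    establish its sessions. SLIPPTNR is a hypothetical name and   */
/*    CHANGEME1 is a placeholder: assign a unique password that     */
/*    follows your password rules.                                  */
/*    - USRCLS(*USER) with SPCAUT(*NONE): no special authorities    */
/*    - INLPGM(*NONE) and INLMNU(*SIGNOFF): an interactive sign-on  */
/*      with this profile is signed off immediately                 */
/*    - LMTCPB(*YES): the user cannot change the initial program    */
/*      or menu and cannot run most commands from a command line    */
CRTUSRPRF USRPRF(SLIPPTNR) PASSWORD(CHANGEME1) USRCLS(*USER) +
          SPCAUT(*NONE) INLPGM(*NONE) INLMNU(*SIGNOFF) +
          LMTCPB(*YES) +
          TEXT('Partner SLIP session profile - limited authority')

/* 4. Confirm the attributes of the new profile.                    */
DSPUSRPRF USRPRF(SLIPPTNR)
```

If the password for this profile is later exposed on the partner system, the profile's lack of special authorities and its restricted sign-on limit what can be done with it on your system.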