Sets the password level for the system. (QPWDLVL)
Password Level, also known as QPWDLVL, is a member of the password category of i5/OS™ system values. You can use this system value to set the password level for the system. To learn more, keep reading.
| Quick reference | |
|---|---|
| Location | In iSeries™ Navigator, select your system, |
| Special authority | All object (*ALLOBJ) and security administrator (*SECADM) |
| Default value | Short passwords using a limited character set (0) |
| Changes take effect | At the next restart of the system |
| Lockable | Yes Lock function of security-related system values (Click for details) |
| Special considerations | The password level system value cannot be changed from 3 to a value
of 0 or 1. The password level system value must be changed from 3 to 2 and
then to 0 or 1. The reason for this restriction is that all passwords used
at password level 0 or 1 are removed from the system when you change to the
password level 3. While the system is at password level 2, you need to make sure that you change your user profiles and give them a password that works at password level 0 or 1 (10 characters or less for the password) prior to changing from 2 to 0 or 1. Otherwise, users will not be able to sign on to your system. For more information about how to check user profiles to make sure their passwords are valid for the password level you want to change to, see Verify passwords when changing password levels. |
What can I do with this system value?
You can specify the password level used on the system.
The password level of the system can be set to allow for user profile passwords from 1 through 10 characters or to allow for user profile passwords from 1 through 128 characters.
The password level can be set to allow a passphrase as the password value. The term passphrase is sometimes used in the computer industry to describe a password value that can be very long and has few, if any, restrictions on the characters used in the password value. Blanks can be used between letters in a passphrase, which allows you to have a password value that is a sentence or sentence fragment. The only restrictions on a passphrase are that it cannot start with an asterisk (*) and trailing blanks are removed.
Changing the password level on the system from 1-10 character passwords to 1-128 character passwords requires careful consideration. If your system communicates with other systems in a network, then all systems must be able to handle the longer passwords.
Before you change this system value, you should read "Planning Password Level Changes" in the iSeries Security Reference.
Possible options are:
- Short passwords using a limited character set. (0)
Supports user profile passwords with a length of 1-10 characters. The allowable characters are A-Z, 0-9, and the following special characters: dollar sign ($), at sign (@), number sign (#), and underscore (_).
This value should be used if your server communicates with other servers in a network and those systems are running with a password level of 0 or an operating system release earlier than V5R1M0.
This value should be used if your server communicates with any other server that limits the length of passwords from 1-10 characters.
This value must be used if your server communicates with the iSeries Support for Windows® Network Neighborhood (iSeries NetServer™) product and your server communicates with other servers using passwords from 1-10 characters.
When the password level of the system is set to this value, the operating system will create the encrypted password for use at password level 2 and 3. The password characters used at level 0 are the same characters that will be available at levels 2 and 3.
- Short passwords using a limited character set. Disable iSeries NetServer on Windows (R) 95/98/ME
clients. (1)
This value is equivalent to the support for password level 0 with the following exception. iSeries NetServer passwords for Windows 95/98/ME clients will be removed from the system. If you use the client support for the iSeries NetServer product, you cannot use password level 1.
The NetServer product for Windows 95/98/ME will not connect to a system where the password level is set to 1 or 3. NetServer passwords are removed from the system at these password levels because of security concerns with the weak encryption used for NetServer passwords.
- Long passwords using an unlimited character set. (2)
This value supports user profile passwords from 1-128 characters. Uppercase and lowercase characters are allowed. Passwords can consist of any characters. The passwords are case sensitive.
This level is viewed as a compatibility level. When you sign on a system, the password that you use will be used to authenticate signon and other password tests. This level allows for a move back to password level 0 or 1 as long as a password meets the length and syntax requirements of password level 0 or 1.
This level can be used if your system communicates with the iSeries Support for Windows Network Neighborhood (iSeries NetServer) product as long as your password is 1-14 characters in length.
You cannot use level 2 if your system communicates with:
- Other systems in a network that are running with either a password level of 0 or 1 or an operating system release earlier than V5R1M0.
- Any other system that limits the length of passwords from 1-10 characters.
- PCs that are using Client Access V5R1 or earlier.
- Long passwords using an unlimited character set. Disable iSeries NetServer on Windows 95/98/ME
clients. (3) This level supports user profile passwords from 1-128 characters.
Upper and lower case characters are allowed. Passwords can consist of any
characters and the passwords are case sensitive.
Before you change the password level to 3, you should read "Planning Password Level Changes" in the iSeries Security Reference book.
Moving from password level 3 back to 0 or 1 is not allowed without first changing to password level 2. Password level 2 allows for creation of passwords that can be used at password level 0 or 1 as long as the password meets the length and syntax rules for password level 0 or 1.
You cannot use this level 3 if your system communicates with:
- Other systems in a network that are running with either a password level of 0 or 1 or an operating system release earlier than V5R1M0.
- Any other system that limits the length of passwords from 1-10 characters.
- The iSeries Support for Windows Network Neighborhood (iSeries NetServer) product.
- PCs that are using Client Access V5R1 or earlier.
The NetServer product for Windows 95/98/ME will not connect to a system where the password level is set to 1 or 3. NetServer passwords are removed from the system at these password levels because of security concerns with the weak encryption used for NetServer passwords. The passwords are easy to uncode.
Where can I get more information about this system value?
To learn more, go to the password system values overview topic. You can go to the Verify passwords when changing password levels topic for information about verifying password levels when changing passwords. Or, if you are looking for a specific system value or category of system values, try using the system value finder.