Verify passwords when changing password levels

Prior to changing your Password Level (QPWDLVL) value, you should verify your user profiles contain passwords for the level you are going to. There are two character-based methods for analyzing the profiles on your system.

The first method is to use the PRTUSRPRF (Print User Profile) command. When this command is used with the *PWDLVL value for the TYPE parameter, a report is built that contains a list of all the profiles on the system and indicates if the profile has a password for QPWDLVL 0, 1, 2, or 3. Complete the following steps to analyze your system:
1. Type PRTUSRPRF TYPE(*PWDLVL).
2. Type WRKSPLF (Work with spooled file).
3. Type 5 (Display) next to the filename of the report. The filename will always be QPSECUSR.
4. View the report to determine which profiles have passwords for the Password level you want to change to.
The second method is to use the output from the DSPUSRPRF (Display User Profile) command. The DSPUSRPRF command can be used to direct user profile information for every profile on the system to an outfile. The populated outfile can be used in an application or in an interactive SQL SELECT statement to determine which profiles have passwords for the QPWDLVL you want to change to. Complete the following steps to analyze your system:
1. When you want to get the information for all the profiles on the system, you must direct the output from the DSPUSRPRF command to an outfile. When the value for the TYPE parameter is *BASIC, the outfile must be the same format as the IBM^® model outfile QSYS/QADSPUPB. There are two fields in the target outifile that contain the desired information. The field names are UPENPW (Y indicates the user has a password for QPWDLVL 0 and 1) and UPENPH (Y indicates the user has a password for password level 2 and 3).
  If the outfile specified on the DSPUSRPRF command does not exist when the command is issued, the command will create the file. If the file exists when the DSPUSRPRF command is issued, it must be the same format as QSYS/QADSPUPB the model outfile. It is a good idea to create the target outfile before you issue the DSPUSRPRF command. The following step is recommended, but not always required:
  
  CRTDUPOBJ OBJ(QADSPUPB) FROMLIB(QSYS) OBJTYPE(*FILE) TOLIB(1111) NEWOBJ(nnnn) Where 1111 is the name of an existing library where you want the target outfile to go and nnnn is the name of the target outfile.
2. If you have a large number of profiles of your system, the outfile might not hold all of the data. To ensure the outfile can handle all the data, issue the following CHGPF (Change Physical File) command against the file you just created:
  CHGPF FILE(1111/nnnn) SIZE(*NOMAX)
3. Use the DSPUSRPRF command to collect the data for all the profiles on your system:
  DSPUSRPRF USRPRF(*ALL) TYPE(*BASIC) OUTPUT(*OUTFILE) OUTFILE(1111/nnnn)
4. If you want to use an interactive SQL SELECT statement to examine which the profiles for valid passwords, use the following commands:
  1. Type STRSQL.
  2. Type SELECT UPUPRF, UPENPW, UPENPH FROM 1111/nnnn.
  OR
  
  You can write an application that extracts the UPENPW and UPENPH field data from your target outfile.