This system value provides the ability for a user-written program to do additional validation on passwords.
The current and new passwords are passed to the validation program without encryption. The validation program could store passwords in a database file and compromise security on the system.
See the following table for an overview of the values of the password validation program system value.
Character-based interface | Description |
---|---|
*NONE | No validation program is used. |
*REGFAC | The validation program name is retrieved from the registration facility. |
program-specification | Specify the name of the user-written validation program, from 1 through 10 characters. A program name cannot be specified when the current or pending value of the password level system value is 2 or 3. |
library-name | Specify the name of the library where the user-written program is located. If the library name is not specified, the library list of the user changing the system value is used to search for the program. QSYS is the recommended library. |
Note: There is no equivalent iSeries™ Navigator function for this system value.
Relationship to security policy
A password validation program ensures that users create valid passwords that the system accepts. However, because new and old passwords are not encrypted when they are transferred to the validation program, they pose a security threat to your system. If the validation program stores passwords in a database file, an intruder could gain access to it and compromise security on the system. If you decide that validating passwords is necessary to your enterprise, have your security officer inspect any program that is designed for this purpose, and limit access to the program and any storage files it uses.
Character-based interface name | QPWDVLDPGM |
---|---|
Authority | All object access (*ALLOBJ). Note: The Security Officer (QSECOFR) user profile is shipped with these authorities. |
How to access | iSeries Navigator: NA. Character-based interface |
Changes take effect | The next time a password is changed |
Default value | *NONE |
Recommended value | *NONE |
Lockable | Yes |
Special considerations | You must store a password validation program in the system auxiliary storage pool (ASP) or a basic user ASP. |
For more information, see the section on using a password validation program in Chapter 3, "Security System Values" of the Security Reference manual.
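The rules in the two tables above can be turned into a configuration check. The following is an added example, not IBM code: it assumes the setting is written as one string ("*NONE", "*REGFAC", "PROGRAM" or "LIBRARY/PROGRAM"), which is a convention of this example, and the names PWDCHECK and MYLIB are constructed sample values.

```python
# Added example: audit a QPWDVLDPGM setting against the rules on this page.
# Assumption: the value is given as "*NONE", "*REGFAC", "PROGRAM" or
# "LIBRARY/PROGRAM"; this string form is a convention of the example only.


def audit_qpwdvldpgm(value, password_level):
    """Return a list of findings; an empty list means the recommended setting."""
    value = value.strip().upper()
    if value == "*NONE":
        return []  # recommended value: no program receives the passwords

    # Any other value means a program is handed the passwords in the clear.
    findings = ["validation program receives current and new passwords "
                "without encryption; have the security officer inspect it "
                "and limit access to it and to any files it uses"]
    if value == "*REGFAC":
        findings.append("program name is retrieved from the registration "
                        "facility; review what is registered there")
        return findings

    library, _, program = value.rpartition("/")
    if not 1 <= len(program) <= 10:
        findings.append("program name must be 1 through 10 characters")
    if password_level in (2, 3):
        findings.append("a program name cannot be specified when the "
                        "password level is 2 or 3")
    if not library:
        findings.append("no library given; the library list of the user "
                        "changing the system value is searched")
    elif library != "QSYS":
        findings.append("library is not QSYS, the recommended library")
    return findings


if __name__ == "__main__":
    # Constructed sample settings: (value, password level)
    samples = [("*NONE", 0), ("*REGFAC", 3), ("PWDCHECK", 2),
               ("MYLIB/PWDCHECK", 0), ("QSYS/PWDCHECK", 0)]
    for value, level in samples:
        print(f"{value} (password level {level})")
        for finding in audit_qpwdvldpgm(value, level) or ["ok"]:
            print("  -", finding)
```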