ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzakz_5.4.0.1/rzakzverifypwdlvl.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Verify passwords when changing password levels" />
<meta name="abstract" content="Prior to changing your Password Level (QPWDLVL) value, you should verify your user profiles contain passwords for the level you are going to. There are two character-based methods for analyzing the profiles on your system." />
<meta name="description" content="Prior to changing your Password Level (QPWDLVL) value, you should verify your user profiles contain passwords for the level you are going to. There are two character-based methods for analyzing the profiles on your system." />
<meta name="DC.Relation" scheme="URI" content="rzakzpasswordoverview.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzakzverifypwdlvl" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Verify passwords when changing password levels</title>
</head>
<body id="rzakzverifypwdlvl"><a name="rzakzverifypwdlvl"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Verify passwords when changing password levels</h1>
<div><p>Prior to changing your <span class="uicontrol">Password Level</span> (QPWDLVL)
value, you should verify your user profiles contain passwords for the level
you are going to. There are two character-based methods for analyzing the
profiles on your system.</p>
<div class="section"><ul><li>The first method is to use the PRTUSRPRF (Print User Profile) command.
When this command is used with the *PWDLVL value for the TYPE parameter, a
report is built that contains a list of all the profiles on the system and
indicates if the profile has a password for QPWDLVL 0, 1, 2, or 3. Complete
the following steps to analyze your system: <ol><li>Type PRTUSRPRF TYPE(*PWDLVL).</li>
<li>Type WRKSPLF (Work with spooled file).</li>
<li>Type 5 (Display) next to the filename of the report. The filename will
always be QPSECUSR.</li>
<li>View the report to determine which profiles have passwords for the <span class="uicontrol">Password
level</span> you want to change to.</li>
</ol>
</li>
<li>The second method is to use the output from the DSPUSRPRF (Display User
Profile) command. The DSPUSRPRF command can be used to direct user profile
information for every profile on the system to an outfile. The populated outfile
can be used in an application or in an interactive SQL SELECT statement to
determine which profiles have passwords for the QPWDLVL you want to change
to. Complete the following steps to analyze your system: <ol><li>When you want to get the information for all the profiles on the system,
you must direct the output from the DSPUSRPRF command to an outfile. When
the value for the TYPE parameter is *BASIC, the outfile must be the same format
as the IBM<sup>®</sup> model
outfile QSYS/QADSPUPB. There are two fields in the target outifile that contain
the desired information. The field names are UPENPW (Y indicates the user
has a password for QPWDLVL 0 and 1) and UPENPH (Y indicates the user has a
password for password level 2 and 3). <p>If the outfile specified on the DSPUSRPRF
command does not exist when the command is issued, the command will create
the file. If the file exists when the DSPUSRPRF command is issued, it must
be the same format as QSYS/QADSPUPB the model outfile. It is a good idea to
create the target outfile before you issue the DSPUSRPRF command. The following
step is recommended, but not always required:</p>
<p>CRTDUPOBJ OBJ(QADSPUPB)
FROMLIB(QSYS) OBJTYPE(*FILE) TOLIB(1111) NEWOBJ(nnnn) Where 1111 is the name
of an existing library where you want the target outfile to go and nnnn is
the name of the target outfile.</p>
</li>
<li>If you have a large number of profiles of your system, the outfile might
not hold all of the data. To ensure the outfile can handle all the data, issue
the following CHGPF (Change Physical File) command against the file you just
created: <p>CHGPF FILE(1111/nnnn) SIZE(*NOMAX)</p>
</li>
<li>Use the DSPUSRPRF command to collect the data for all the profiles on
your system: <p>DSPUSRPRF USRPRF(*ALL) TYPE(*BASIC) OUTPUT(*OUTFILE) OUTFILE(1111/nnnn)</p>
</li>
<li>If you want to use an interactive SQL SELECT statement to examine which
the profiles for valid passwords, use the following commands: <ol type="a"><li>Type STRSQL.</li>
<li>Type SELECT UPUPRF, UPENPW, UPENPH FROM 1111/nnnn.</li>
</ol>
<p>OR</p>
<p>You can write an application that extracts the UPENPW and
UPENPH field data from your target outfile.</p>
</li>
</ol>
</li>
</ul>
</div>
</div>
<div><div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzakzpasswordoverview.htm" title="Use i5/OS password system values to control the password values and password restrictions.">System values: Password overview</a></div>
</div>
</div>
</body>
</html>