ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamh_5.4.0.1/rzamhpwpolicies.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Password policies for service tools user IDs" />
<meta name="abstract" content="This topic describes the password policies for service tools user IDs and the process of changing Data Encryption Standard (DES) and Secure Hash Algorithm (SHA) encryption." />
<meta name="description" content="This topic describes the password policies for service tools user IDs and the process of changing Data Encryption Standard (DES) and Secure Hash Algorithm (SHA) encryption." />
<meta name="DC.Relation" scheme="URI" content="rzamhstconcepts.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamhwhatuserids.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamhaccessdst.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamhchguseridsdst.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamhchguseridssst.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamhchguseridsstrapi.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamhrecover.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2003, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2003, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzamhpwpolicies" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Password policies for service tools user IDs</title>
</head>
<body id="rzamhpwpolicies"><a name="rzamhpwpolicies"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Password policies for service tools user IDs</h1>
<div><p>This topic describes the password policies for service tools user
IDs and the process of changing Data Encryption Standard (DES) and Secure
Hash Algorithm (SHA) encryption.</p>
<div class="section"><div class="note"><span class="notetitle">Note:</span> Multiple incorrect password attempts to sign on will disable
the service tools user ID. If that occurs, you can sign on with the disabled
user ID from the console, and then reset the user ID.</div>
<p>Service tools
user IDs are separate from <span class="keyword">i5/OS™</span> user
profiles. Passwords for service tools user IDs are encrypted at different
levels for security. The default password level uses DES encryption. You should
use DES encryption if you have pre-V5R1 clients using iSeries™ Navigator to connect to service
functions such as logical partitions and disk unit management.</p>
<p>You
can change the password level to use SHA encryption, which is mathematically
impossible to reverse and provides stronger encryption and a higher level
of security. If you change to SHA encryption, however, you cannot change back
to DES encryption. Also, if you change to SHA encryption, you can no longer
connect to the service tools server with pre-V5R1 clients, such as Operations
Console. When you upgrade your password level to SHA, you need to upgrade
any clients that use these functions.</p>
</div>
<div class="section"><h4 class="sectiontitle">DES encryption</h4><p>When you use DES encryption, service
tools user IDs and passwords have the following characteristics:</p>
</div>
<div class="section"> <ul><li>Use 10-digit, uppercase user IDs.</li>
<li>Use 8-digit, case-sensitive passwords. When you create
a user ID and password, the minimum required for the password is 1 digit.
When you change a password, the minimum required is 6 digits.</li>
<li>Passwords for user IDs do not expire after 180 days. By default, the initial
passwords for IBM-supplied service tools user IDs, however, are shipped as
expired. The exception to this is the user ID 11111111. This user ID is not
expired.</li>
</ul>
</div>
<div class="section"><h4 class="sectiontitle">SHA encryption</h4><p>When you use SHA encryption, service
tools user IDs and passwords have the following characteristics:</p>
</div>
<div class="section"> <ul><li>Use 10-digit, uppercase user IDs.</li>
<li>Use 128-digit case-sensitive passwords. When you create
a user ID and password, the minimum required for the password is 1 digit.
When you change a password, the minimum required is 6 digits.</li>
<li>Passwords for user IDs expire after 180 days.</li>
<li>By default, passwords are initially set as expired (unless explicitly
set on the display to No).</li>
<li>Passwords can be set as expired by a security administrator.</li>
</ul>
</div>
<div class="section"><p>To change to use SHA encryption, access DST and perform the following
steps:</p>
</div>
<div class="section"> <ol><li>Sign on to DST using your service tools user ID. The Use dedicated service
tools (DST) display appears.</li>
<li>Select option 5 (Work with DST environment) and press Enter. The Work
with DST Environment display appears.</li>
<li>Select option 6 (Service tools security data) and press Enter.</li>
<li>Select option 6 (Password level) and press Enter. Press Enter again if
you are ready to go to the new password level.</li>
</ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamhstconcepts.htm" title="These concepts provide the basic information you need to get started with service tools user IDs and passwords.">Concepts for service tools user IDs and passwords</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzamhaccessdst.htm" title="The service tools user ID you use to access service tools with DST needs to have the functional privilege to use the DST environment.">Access service tools using DST</a></div>
<div><a href="rzamhchguseridsstrapi.htm" title="You can change your service tools user ID password using STRSST or the Change Service Tools User ID (QSYCHGDS) API.">Change service tools user IDs and passwords using STRSST or Change Service Tools User ID (QSYCHGDS) API</a></div>
<div><a href="rzamhrecover.htm" title="When IBM ships a server, both a QSECOFR i5/OS user profile and a QSECOFR service tools user ID are supplied. These are not the same. They exist in different locations and are used to access different functions.">Recover or reset QSECOFR passwords</a></div>
</div>
<div class="reltasks"><strong>Related tasks</strong><br />
<div><a href="rzamhchguseridsdst.htm" title="You can change a service tools user ID password using DST.">Change service tools user IDs and passwords using DST</a></div>
<div><a href="rzamhchguseridssst.htm" title="You can change a service tools user ID password using SST.">Change service tools user IDs and passwords using SST</a></div>
</div>
<div class="relref"><strong>Related reference</strong><br />
<div><a href="rzamhwhatuserids.htm" title="Service tools user IDs are user IDs that are required to access service functions through dedicated service tools (DST), system service tools (SST), iSeries Navigator (for logical partitions and disk unit management), and Operations Console. Service tools user IDs are created through DST or SST and are separate from user profiles.">Service tools user IDs</a></div>
</div>
</div>
</body>
</html>