ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvpasswdlvlchg.htm

78 lines
5.1 KiB
HTML
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Plan password level changes" />
<meta name="abstract" content="Operations with other systems may fail or users may not be able to sign on to the system if you havent planned for the password level change adequately." />
<meta name="description" content="Operations with other systems may fail or users may not be able to sign on to the system if you havent planned for the password level change adequately." />
<meta name="DC.Relation" scheme="URI" content="rzamvpwdlvl.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvqpwdlvlone.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvqpwdlvltwo.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvqpwdlvlthree.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="passwdlvlchg" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Plan password level changes</title>
</head>
<body id="passwdlvlchg"><a name="passwdlvlchg"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Plan password level changes</h1>
<div><p>Operations with other systems may fail or users may not be able
to sign on to the system if you havent planned for the password level change
adequately.</p>
<p>Changing password levels should be planned carefully. Prior to changing
the QPWDLVL system value, make sure you have saved your security data using
the SAVSECDTA or SAVSYS command. If you have a current backup, you will be
able to reset the passwords for all users profiles if you need to return
to a lower password level.</p>
<p>Products that you use on the system and on clients with which the system
interfaces, may have problems when the password level (QPWDLVL) system value
is set to 2 or 3. Any product or client that sends passwords to the system
in an encrypted form, rather than in the clear text a user enters on a signon
screen, must be upgraded to work with the new password encryption rules for
QPWDLVL 2 or 3. Sending the encrypted password is known as password substitution.</p>
<p>Password substitution is used to prevent a password from being captured
during transmission over a network. Password substitutions generated by older
clients that do not support the new algorithm for QPWDLVL 2 or 3, even if
the specific characters are correct, will not be accepted. This also applies
to any iSeries™ to iSeries peer
access which utilizes the encrypted values to authenticate from one system
to another.</p>
<p>The problem is compounded by the fact that some affected products, such
as Java™ Toolbox,
are provided as middle-ware. A third party product that incorporates a prior
version of one of these products will not work correctly until rebuilt using
an updated version of the middle-ware. Given this and other scenarios, it
is easy to see why careful planning is necessary before changing the QPWDLVL
system value.</p>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzamvqpwdlvlone.htm">Considerations for changing QPWDLVL from 0 to 1</a></strong><br />
Keep these items in mind as you consider changing your password level.</li>
<li class="ulchildlink"><strong><a href="rzamvqpwdlvltwo.htm">Considerations for changing QPWDLVL from 0 or 1 to 2</a></strong><br />
Password level 2 introduces the use of case sensitive passwords up to 128 characters in length, also called passphrases, and provides the maximum ability to revert back to QPWDLVL 0 or 1.</li>
<li class="ulchildlink"><strong><a href="rzamvqpwdlvlthree.htm">Considerations for changing QPWDLVL from 2 to 3</a></strong><br />
Keep these items in mind as you consider changing your password level.</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvpwdlvl.htm" title="This system value allows you to set a specific password environment where all user profile passwords can have the same length specification.">Password level</a></div>
</div>
</div>
</body>
</html>