ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvpwdlvl.htm

211 lines
12 KiB
HTML
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Password level" />
<meta name="abstract" content="This system value allows you to set a specific password environment where all user profile passwords can have the same length specification." />
<meta name="description" content="This system value allows you to set a specific password environment where all user profile passwords can have the same length specification." />
<meta name="DC.Relation" scheme="URI" content="rzamvpwdsysval.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvpasswdlvlchg.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvchangeknownpwd.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvavoidefpwd.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvchangelowerpwd.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="pwdlvl" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Password level</title>
</head>
<body id="pwdlvl"><a name="pwdlvl"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Password level</h1>
<div><p>This system value allows you to set a specific password environment
where all user profile passwords can have the same length specification.</p>
<p>You can set the password level so that passwords can be shorter, from 1-10
characters, or longer passwords from 1-128 characters. The password level
can be set to allow a passphrase as the password value. A passphrase describes
a password value which can be very long and has few, if any, restrictions
on the characters used in the password value. You can create passphrase that
contain blanks between letters, which allows you to have a sentence or sentence
fragments for password values. The only restrictions on a passphrase are that
it cannot start with an asterisk (*) and trailing blanks will be removed.</p>
<p>See <a href="#pwdlvl__quickref">Quick reference</a> table
for an overview of the password level system value.</p>
<div class="p">
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 1. Possible values for the use password level system
value</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e29">iSeries™ Navigator </th>
<th valign="bottom" id="d0e33">Character-based interface</th>
<th valign="bottom" id="d0e35">Description </th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e29 ">Short passwords using a limited character set. (0)</td>
<td valign="top" headers="d0e33 ">0</td>
<td valign="top" headers="d0e35 ">Password level 0 supports passwords that contain 1-10
alphanumeric characters as well as, $, @, #, and _. Use password level 0 if
your system communicates with other servers in a network and those servers
either use password level 0 passwords or run on pre-V5R1 versions of the operating
system. </td>
</tr>
<tr><td valign="top" headers="d0e29 ">Short passwords using a limited character set. Disable NetServer™ passwords
for Windows<sup>®</sup> 95/98/ME
clients. (1)</td>
<td valign="top" headers="d0e33 ">1</td>
<td valign="top" headers="d0e35 ">Password level 1 supports the same character set as
password level 0, but provides improved security because it removes all NetServer<sup>1</sup> passwords
from the system. If you require iSeries NetServer, set your password level
to 0 or 2 instead. </td>
</tr>
<tr><td valign="top" headers="d0e29 ">Long passwords using an unlimited character set. (2)</td>
<td valign="top" headers="d0e33 "> 2</td>
<td valign="top" headers="d0e35 ">Password level 2 supports passwords that contain 1-128
characters, and are case sensitive. You can use password level 2 if your system
communicates with iSeries NetServer and all user passwords are
1-14 characters long. However, do not use password level 2 if your system
communicates with other systems that use password level 0 or 1 passwords or
run on pre-V5R1 versions of the operating system.</td>
</tr>
<tr><td valign="top" headers="d0e29 ">Long passwords using an unlimited character set. Disable iSeries NetServer passwords
for Windows 95/98/ME
clients. (3)</td>
<td valign="top" headers="d0e33 ">3</td>
<td valign="top" headers="d0e35 ">Password level 3 supports passwords that contain 1-128
characters, and are case sensitive. You cannot use this level when your system
communicates with: <ul><li>Other systems in a network and those systems are running with either a
password level of 0 or 1 </li>
<li>systems that are running an operating system release less than V5R1M0
of OS/400<sup>®</sup>. </li>
<li>Any other system that limits the length of passwords from 1-10 characters. </li>
<li>The iSeries Support
for Windows Network
Neighborhood (iSeries NetServer)<sup> 1</sup> product. </li>
<li>PCs that are using versions of iSeries Access that are V5R1 or earlier
of OS/400.</li>
</ul>
</td>
</tr>
<tr><td colspan="3" valign="top" headers="d0e29 d0e33 d0e35 "><ol><li>The NetServer product
for Windows 95/98/ME
will not connect to the system when the password level is set to 1 or 3. NetServer passwords
are removed from the system at these password levels because of security concerns
with the weak encryption used for NetServer passwords. The passwords
are easy to decode.</li>
</ol>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<p><strong>Relationship to security policy</strong></p>
<p>These options provide flexibility in password security based on your security
environment. Shorter passwords provide users with easier password management,
since there is less chance for misspelling or forgetting password sequences;
however, shorter passwords with specific password rules can be guessed by
a potential hacker. A longer more involved passwords or passphrases are harder
to guess, but can frustrate users and make password management more difficult.
For strict security environments you may want to provide passwords that are
longer, but provide suggestions for aiding users to remember these passwords.
Suggest that users create passphrases that are based on something personal
that they can remember easily. </p>
<p>For security environments that have less strict requirements, you can choose
a password level that allows for shorter passwords and provide specific rules
of password conduct. Whatever password level you choose, provide examples
of valid password values and suggestions for formulating original passwords
and passphrases. Stress that the passwords provided in your security policy
are merely examples and should never be used for actual password values.</p>
<div class="p">
<div class="tablenoborder"><a name="pwdlvl__quickref"><!-- --></a><table cellpadding="4" cellspacing="0" summary="" id="pwdlvl__quickref" frame="border" border="1" rules="all"><caption>Table 2. Quick Reference. Provides details
for the password level system value.</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e170">iSeries Navigator name</th>
<th valign="bottom" id="d0e174">Password level (at next restart)</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e170 ">Character-based interface name</td>
<td valign="top" headers="d0e174 ">QPWDLVL</td>
</tr>
<tr><td valign="top" headers="d0e170 ">Authority</td>
<td valign="top" headers="d0e174 "><p>All object access (*ALLOBJ)<br />
Security administrator (*SECADM)</p>
<div class="note"><span class="notetitle">Note:</span> The Security Officer (QSECOFR) user profile is shipped with
these authorities. </div>
</td>
</tr>
<tr><td valign="top" headers="d0e170 ">How to access</td>
<td valign="top" headers="d0e174 "><div class="p"><strong>iSeries Navigator</strong><ol><li>Expand <span class="menucascade"><span class="uicontrol">Security</span> &gt; <span class="uicontrol">Policies</span></span>.</li>
<li>Right click <strong>Password Policy</strong> and select <strong>Properties</strong>.</li>
<li>On the <strong>General</strong> page, you will find the options for password level.</li>
</ol>
</div>
<div class="p"><strong>Character-based interface</strong><ol><li>In the character-based interface, type <samp class="codeph">WRKSYSVAL QPWDLVL</samp>.</li>
</ol>
</div>
</td>
</tr>
<tr><td valign="top" headers="d0e170 ">Changes take effect</td>
<td valign="top" headers="d0e174 ">At next restart</td>
</tr>
<tr><td valign="top" headers="d0e170 ">Default value</td>
<td valign="top" headers="d0e174 ">Short passwords using a limited character set (0)</td>
</tr>
<tr><td valign="top" headers="d0e170 ">Recommended value</td>
<td valign="top" headers="d0e174 ">See Special Considerations</td>
</tr>
<tr><td valign="top" headers="d0e170 "><a href="rzamvlockdown.htm">Lockable</a></td>
<td valign="top" headers="d0e174 ">Yes</td>
</tr>
<tr><td valign="top" headers="d0e170 ">Special considerations </td>
<td valign="top" headers="d0e174 "><p><strong>Changing password levels</strong></p>
<p>You cannot
change password level 3 to 0 or 1. Since all passwords used at password level
0 or 1 are removed from the system when you change to the password level 3,
you must first change the password level from 3 to 2 and then to 1 or 0. </p>
<p>At
password level 2, you must change all user profile passwords to comply with
the character length specified for password level 0 or 1 (10 or less characters)
prior to changing to password level 1 or 0. Otherwise, users will not be able
to sign on to your system. </p>
<p>After changing these passwords you can verify
that user profiles to ensure their password comply with the password level
to which you are changing. See the online help for Password level for instructions. </p>
<p>For
detailed considerations and for changing password level, see the section about
planning password level changes in <a href="../books/sc415302.pdf" target="_blank">Security Reference</a>. </p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<p>For more in-depth information about this security value, see Chapter 3,
"Security System Values" in <a href="../books/sc415302.pdf" target="_blank">Security Reference</a>. </p>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzamvpasswdlvlchg.htm">Plan password level changes</a></strong><br />
Operations with other systems may fail or users may not be able to sign on to the system if you havent planned for the password level change adequately.</li>
<li class="ulchildlink"><strong><a href="rzamvchangeknownpwd.htm">Change known passwords</a></strong><br />
Do the following to close some well-known entrances into the server that may exist on your system.</li>
<li class="ulchildlink"><strong><a href="rzamvavoidefpwd.htm">Avoid default passwords</a></strong><br />
When you create a new user profile, the default is to make the password the same as the user profile name.</li>
<li class="ulchildlink"><strong><a href="rzamvchangelowerpwd.htm">Change to a lower password level</a></strong><br />
There are considerations for you to make before you change to a lower password level.</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvpwdsysval.htm" title="In addition to setting signon system values, you also need to decide rules regarding users passwords">Password system values</a></div>
</div>
</div>
</body>
</html>