<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Password validation program" />
<meta name="abstract" content="This system value provides the ability for a user-written program to do additional validation on passwords." />
<meta name="description" content="This system value provides the ability for a user-written program to do additional validation on passwords." />
<meta name="DC.Relation" scheme="URI" content="rzamvpwdsysval.htm" />
<meta name="DC.Relation" scheme="URI" content="../rzaly/rzalyiasptypes.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="qpwdvldprg" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Password validation program</title>
</head>
<body id="qpwdvldprg"><a name="qpwdvldprg"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Password validation program</h1>
<div><p>This system value provides the ability for a user-written program
to do additional validation on passwords.</p>
<p>The current and new passwords are passed to the validation program without
encryption. The validation program could store passwords in a database file
and compromise security on the system. </p>
<p>The following table lists the possible values for the password validation program
system value.</p>
<div class="p">
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 1. Possible values for the password validation program
system value</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e28">Character-based interface</th>
<th valign="bottom" id="d0e30">Description </th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e28 ">*NONE </td>
<td valign="top" headers="d0e30 ">No validation program is used. </td>
</tr>
<tr><td valign="top" headers="d0e28 ">*REGFAC </td>
<td valign="top" headers="d0e30 ">The validation program name is retrieved from the registration
facility. </td>
</tr>
<tr><td valign="top" headers="d0e28 "><em>program-specification</em> </td>
<td valign="top" headers="d0e30 ">Specify the name of the user-written validation program,
from 1 through 10 characters. A program name cannot be specified when the
current or pending value of the password level system value is 2 or 3.</td>
</tr>
<tr><td valign="top" headers="d0e28 "><em>library-name</em></td>
<td valign="top" headers="d0e30 ">Specify the name of the library where the user-written
program is located. If the library name is not specified, the library list
of the user changing the system value is used to search for the program. QSYS
is the recommended library.</td>
</tr>
<tr><td colspan="2" valign="top" headers="d0e28 d0e30 "><div class="note"><span class="notetitle">Note:</span> There is no equivalent iSeries™ Navigator
function for this system value.</div>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<p><strong>Relationship to security policy</strong></p>
<p>A password validation program ensures that users create valid passwords
that the system accepts. However, because the new and old passwords are not encrypted
when they are passed to the validation program, the program poses a security
threat to your system. If the validation program stores passwords in a database
file, an intruder who gains access to that file could compromise security on the system.
If you decide that validating passwords is necessary to your enterprise,
have your security officer inspect any validation program that is written,
and limit access to the program and any storage files it uses.</p>
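<p>The following CL program is an added example, not part of the original IBM topic. It shows one way to audit this system value: it retrieves QPWDVLDPGM and, when a program is configured, prints the program's authorities and declared references so that the security officer can review who can change the program and which files it declares. It assumes the 20-character value holds the program name in positions 1 through 10 and the library name in positions 11 through 20.</p>

```cl
/* Added example: audit the QPWDVLDPGM system value.                 */
/* Run under a profile that is allowed to display the objects named. */
PGM
  DCL VAR(&VAL)  TYPE(*CHAR) LEN(20)
  DCL VAR(&PGMN) TYPE(*CHAR) LEN(10)
  DCL VAR(&LIB)  TYPE(*CHAR) LEN(10)

  /* Assumed layout: program name (1-10), library name (11-20).      */
  RTVSYSVAL SYSVAL(QPWDVLDPGM) RTNVAR(&VAL)
  CHGVAR VAR(&PGMN) VALUE(%SST(&VAL 1 10))
  CHGVAR VAR(&LIB)  VALUE(%SST(&VAL 11 10))

  /* Recommended value: no program receives unencrypted passwords.   */
  IF COND(&PGMN *EQ '*NONE') THEN(DO)
    SNDPGMMSG MSG('QPWDVLDPGM is *NONE. No validation program is used.')
    RETURN
  ENDDO

  /* *REGFAC: the program comes from the registration facility, so   */
  /* print what is registered for the password validation exit point.*/
  IF COND(&PGMN *EQ '*REGFAC') THEN(DO)
    SNDPGMMSG MSG('QPWDVLDPGM is *REGFAC. Review the printed exit +
                   program registrations.')
    WRKREGINF EXITPNT(QIBM_QSY_VLD_PASSWRD) OUTPUT(*PRINT)
    RETURN
  ENDDO

  /* A program is named: print who is authorized to it and which     */
  /* files and other objects it declares, for security officer       */
  /* review.                                                         */
  SNDPGMMSG MSG('QPWDVLDPGM names a program. Review the printed +
                 authority and reference listings.')
  DSPOBJAUT OBJ(&LIB/&PGMN) OBJTYPE(*PGM) OUTPUT(*PRINT)
  DSPPGMREF PGM(&LIB/&PGMN) OUTPUT(*PRINT)
ENDPGM
```

<p>Run DSPOBJAUT against each file that the DSPPGMREF listing reports as well, because those files are where a validation program could store passwords.</p>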
<div class="p">
<div class="tablenoborder"><a name="qpwdvldprg__quickref"><!-- --></a><table cellpadding="4" cellspacing="0" summary="" id="qpwdvldprg__quickref" frame="border" border="1" rules="all"><caption>Table 2. Quick Reference. Provides details
for the password validation program system value.</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e81">Character-based interface name</th>
<th valign="bottom" id="d0e83">QPWDVLDPGM</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e81 ">Authority</td>
<td valign="top" headers="d0e83 "><p>All object access (*ALLOBJ)<br />
Security administrator (*SECADM)</p>
<div class="note"><span class="notetitle">Note:</span> The Security Officer (QSECOFR) user profile is shipped with
these authorities. </div>
</td>
</tr>
<tr><td valign="top" headers="d0e81 ">How to access</td>
<td valign="top" headers="d0e83 "><p><strong>iSeries Navigator</strong>: NA</p>
<div class="p"><strong>Character-based
interface</strong><ol><li>In the character-based interface, type <samp class="codeph">WRKSYSVAL QPWDVLDPGM</samp>.</li>
</ol>
</div>
</td>
</tr>
<tr><td valign="top" headers="d0e81 ">Changes take effect</td>
<td valign="top" headers="d0e83 ">The next time a password is changed</td>
</tr>
<tr><td valign="top" headers="d0e81 ">Default value</td>
<td valign="top" headers="d0e83 ">*NONE</td>
</tr>
<tr><td valign="top" headers="d0e81 ">Recommended value</td>
<td valign="top" headers="d0e83 ">*NONE</td>
</tr>
<tr><td valign="top" headers="d0e81 "><a href="rzamvlockdown.htm">Lockable</a></td>
<td valign="top" headers="d0e83 ">Yes</td>
</tr>
<tr><td valign="top" headers="d0e81 ">Special considerations </td>
<td valign="top" headers="d0e83 ">You must store a password validation program in the
system auxiliary storage pool (ASP) or a basic user ASP. </td>
</tr>
</tbody>
</table>
</div>
</div>
<p>For more information, see the section on using a password validation program
in Chapter 3, <span class="q">"Security System Values"</span> of the <a href="../books/sc415302.pdf" target="_blank">Security Reference</a> manual.</p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvpwdsysval.htm" title="In addition to setting signon system values, you also need to decide rules regarding users passwords">Password system values</a></div>
</div>
<div class="relinfo"><strong>Related information</strong><br />
<div><a href="../rzaly/rzalyiasptypes.htm">Types of disk pools</a></div>
</div>
</div>
</body>
</html>