Force user profile to change their password on as/400

Tags: AS/400, AS/400 user administration, AS/400 user permissions
Hi,

I need to force certain users to change their passwords every 45 days; if they do not, their user profile should be disabled.

Do we have any options to do it from the green screen?

 

Thanks in advance

Version: V5R3

 

ASKED: June 9, 2010  8:06 AM
UPDATED: July 4, 2010  9:46 PM

Answer Wiki

Yes, there is…

check out this wrksysval *sec qpwdexpitv

I think that with this system value you only force the pwd to expire, but to disable the usrprf you will need to create a pgm that checks the users and disables the ones with expired pwd.

=====================================================

First, set system value QPWDEXPITV to whatever it should be set system-wide. Then set PWDEXPITV() to 45 days for the “certain users” that need that setting. That prepares the system for the basic programming that follows.

On a daily basis, run a simple program that does DSPUSRPRF *ALL OUTPUT(*OUTFILE) and read through the file. The records will tell you if a profile has a 45-day password limit and if the password has expired. If so, then run CHGUSRPRF STATUS(*DISABLED) for that user.

The profiles with 45-day password expiration limits will already have expired passwords, but the programming also disables them.

Tom
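
The daily job described in the answer above, written as a CL program (an added example, not code posted in the thread). The outfile name QTEMP/USRPRFS is arbitrary, and the field names UPUPRF, UPSTAT, UPPWEI and UPPWEX are assumed from the QSYS/QADSPUPB model outfile; confirm them with DSPFFD FILE(QSYS/QADSPUPB) before compiling.

```cl
/* Added example: disable profiles that have a 45-day password      */
/* expiration interval and an expired password.                     */
/* Assumed field names from model outfile QSYS/QADSPUPB:            */
/*   UPUPRF = profile name, UPSTAT = status,                        */
/*   UPPWEI = password expiration interval, UPPWEX = pwd expired    */
PGM
    DCLF       FILE(QSYS/QADSPUPB)

    /* Dump basic attributes of every profile to a work file */
    DSPUSRPRF  USRPRF(*ALL) TYPE(*BASIC) OUTPUT(*OUTFILE) +
                 OUTFILE(QTEMP/USRPRFS)
    OVRDBF     FILE(QADSPUPB) TOFILE(QTEMP/USRPRFS)

LOOP:
    RCVF
    /* CPF0864 = end of file */
    MONMSG     MSGID(CPF0864) EXEC(GOTO CMDLBL(DONE))

    /* Only the "certain users" given PWDEXPITV(45) are touched;    */
    /* profiles left at *SYSVAL or *NOMAX are skipped.              */
    IF         COND((&UPPWEI *EQ 45) *AND +
                    (&UPPWEX *EQ '*YES') *AND +
                    (&UPSTAT *NE '*DISABLED')) THEN(DO)
        CHGUSRPRF  USRPRF(&UPUPRF) STATUS(*DISABLED)
        /* Keep going if one profile cannot be changed */
        MONMSG     MSGID(CPF0000)
    ENDDO
    GOTO       CMDLBL(LOOP)

DONE:
    DLTOVR     FILE(QADSPUPB)
ENDPGM
```

The job has to run under a profile with *SECADM special authority and authority to the profiles it changes, since CHGUSRPRF requires both.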

Discuss This Question: 6  Replies

 
  • qmaster
    Thanks for the quick reply. I believe the above command affects all the user profiles, but I want it to be only for certain users (not for all). Thanks again.
  • TomLiotta
    "I believe the above command affects all the user profiles… but I want it to be only for certain users (not for all)"
    Then you should review the PWDEXPITV() attribute of individual user profiles. The attribute defaults to *SYSVAL, which refers to the QPWDEXPITV system value; but you can set values for individuals. However, the rest of your question -- to disable them if they don't change their password in the interval specified -- takes additional steps.
    Tom
  • WoodEngineer
    When a user's password has expired, the system does not allow them to log on until a new password is supplied. Fortunately, the system reminds the user at that time and presents the necessary screens for the password change. From the user's point of view, this has the same effect as a disabled account, i.e. no access to the system. This may achieve the desired effect without writing any special code.
  • pdraebel
    I think you should do GO SECTOOLS. The options 2, 3 and 4 on the menu are the ones you need to look into. Option 4 submits a job that will execute an action (e.g. DISABLE) against profiles that have not been active for a number of days. Option 3 allows you to set up a list of profiles that are excluded from these actions. If I am not mistaken, option 4 will even schedule the checking and disabling job to run on a daily basis. You will have to verify this, but I think that is the solution you are looking for: no extra programming, just a quick setup and done.
  • TomLiotta
    "When a user’s password has expired, the system does not allow them to log on until a new password is supplied."
    That's true. However, it's not clear if that's sufficient. A profile with expired password can still be logged on to by supplying a new password. But a disabled profile can't be logged on to until the profile is *ENABLED. If there is a requirement to set the profile as *DISABLED, additional programming is needed.
    "Option 4 submits a job that will execute an action (eg DISABLE) against profiles that have not been active for a number of days."
    That is also true. But it doesn't address the question. A profile that hasn't been used is different from a profile that's regularly used but doesn't have a changed password.
    Tom
  • Splat
    We use a combination of QPWDEXPITV and a daily scheduled run of the ANZPRFACT.
