How to determine password expiration

495 pts.
Tags:
AS/400
Biometrics
Digital certificates
Identity & Access Management
provisioning
Security tokens
Single sign-on
Recently this iSeries user wrote in with a question about password expiration. He writes, "How can I tell if a user's password does not expire? I've used the user profile report, but all it gives me for expiration values are 0's or -1's for all of the users." Can you help? Michelle Davidson Editor Search400.com

Answer Wiki

Thanks. We'll let you know when a new response is added.

Execute the following command:

DSPUSRPRF USRPRF(*ALL) OUTPUT(*OUTFILE) OUTFILE(yourlib/USRPRFS)

In the USRPRFS file created, there is a field that shows a password expiration interval. Any user with a value of -1 in this field specifies that the password never expires.

A zero means when the user was created this parameter was set to *SYSVAL and it uses the system value QPWDEXPITV to determine what the value is.

Any other numeric value means when the user was created the number of days was actually entered on this parameter.

==================================================================

The profile will expose the date of last password change and the password-change interval (e.g., 10 days). The password expiration date is PasswordChangeDate plus PasswordExpirationInterval days. Just add the number of days to the date.

Since the QPWDEXPITV system value can be changed at any time, the profile doesn’t keep a date. It is simply checked against last-change date and interval when signon occurs.

Tom

Discuss This Question: 3  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Dalibor
    Same effect you get with PRTUSRPRF TYPE(*PWDINFO). The difference is that you get report in spool file in your OUTQ, not in OUTFILE. It's clearly to me and you can in iSeries navigator copy-paste that report to PC. Dalibor
    10 pointsBadges:
    report
  • pdraebel
    A password expiration value of -1 indicates that the expiration interval is *NOMAX. The password does not expire.
    7,455 pointsBadges:
    report
  • ToddN2000
    It may also have to do with what release you are on as to what the options are. Under V7R3M0 when you do a WRKUSRPRF and look at the help for setting the password expiration these are the values and meanings

         Password expiration interval (PWDEXPITV) - Help
                                                        
    Specifies the password expiration interval (in days).
                                                        
    *SAME                                               
        The value does not change. 

    *SYSVAL                                                
        The system value QPWDEXPITV is used to determine the
        password expiration interval. 
                         
    *NOMAX                          
        The password does not expire.

    1-366
        Specify the number of days between the date when the
        password is changed and the date when the password 
        expires.  Valid values range from 1 through 366.
82,315 pointsBadges:
report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.

Following

Share this item with your network: