Question

Asked:
Asked By:
Nov 24 2008   10:50 AM GMT
Gobledegook48   5 pts.

Issues when changing AS/400 password length


AS/400 Password Length, AS/400 passwords, Password Minimum Length, QPWDMINLEN

I have asked our AS/400 admins if we can change the QPWDMINLEN value to 7. They have said that if this is cahnaged all the 100 accounts on the system will be deactivated.

Is this true? If so is the a way to migrate groups of users iover to the new level?

Subscribe to Alerts! Get questions and answers delivered to your Inbox.


E-mail me updates on this question



   SUBSCRIBE

hidden modal window

Answer Wiki (Improve, edit or add to this answer)


 RATE THIS ANSWER
+1
Click to Vote:
  •   1
  •  0



Hi,

I can't say for sure on this, but I would assume that the system would only give a prompt to change the password for accounts which currently have less than 7 character passwords when the account is used to sign on.

I would suggest trying this when the machine is not being used (maybe over a weekend). Make sure your own account has more than 7 characters for the password. Sign on and leave the session connected for the rest of this. Make 2 test accounts - one with more than 7 characters password and one with less than seven. Use SAVSECDTA to get a backup of your security settings. Change the system value QPWDMINLEN to 7, try signing on on another workstation/session with both test profiles.

If it doesn't work, you can always reset the QPWDMINLEN and if necessary restore the security data.

Regards,

Martin Gilbert.


From: WaltZ400

I looked at the help text when I did a DSPSYSVAL of QPWDMINLEN and it states

"A change to this system value takes effect the next time a password
is changed."
  • AddThis Social Bookmark Button

Browse more Questions and Answers on AS/400 and Security.

Looking for relevant AS/400 Whitepapers? Visit the Search400.com Research Library.


Discuss This Answer


You must be logged-in to discuss a question. Log-in/Register

Graybeard52   1915 pts.  |   Nov 24 2008  6:02PM GMT

WaltZ400 is correct. Password rules are enforced only when changing password. So accounts will be active.
There is one gotcha to watch out for, if you are changing password LEVEL. In the “upper case only” modes, passwords are actually stored in mixed case (however the user entered them). But the “upper case” level means the case is ignored. So when you switch to a level where case is enforced, some users can’t sign on. They think the password has always been upper case, but that’s not the case - it just been ignoring the case. They may need to enter lowercase (or vice versa) to get in.