password features in OS 400

5 pts.
Tags:
AS/400
AS/400 security
Can users change passwords on their own, is that linked to any of the security values? Will the system enforce change of password on first login after creating a new user account or resetting a password, what is the related security value
1

Answer Wiki

Thanks. We'll let you know when a new response is added.

Yes, Yes, Yes, and PWDEXP(*YES) of the *USRPR

And if you want the user to be able to change his password on his request, give him access to to command CHGPWD.

Discuss This Question: 2  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • David Vasta
    The Answer is Yes. Users can in fact change their own passwords. This is easy and in the old'en days was allowed right from the main menu [GO MENU]. Today most software packages don't allow for users to get to any of the "GO" menus so in most situations companies have set them to expire according to their security policy. The Security Policy is vital today and should be used as a road map for all security related issues. All systems in the data center should adhere to the security policy. If you don't have one it's all pretty simple and you can find samples online. The usual default time is every 90 days. So when the password starts to expire your users will start to get a prompt to change their passwords. If they opt to change them and I think they have 14 days to do so, they will be given a screen that will ask for the old password and the new one, which they will have to type twice, and presto the password is changed. The old was to let them use the CHGPWD command but most IT shops do have that option any more. So to that I say, take security seriously, make your user change the passwords no matter how much they complain and at the end of the day when all is well in System i land and no one is hacking your secure system you will have more time to order new parts vs. fighting security threats. -David Vasta
    975 pointsBadges:
    report
  • TomLiotta
    Users shouldn't be restricted from CHGPWD. But they shouldn't need it either since they should automatically have the ability to change their password every time they logon through telnet or iSeries Access. The QDSPSGNINF system value should be set to *YES, and that provides access to CHGPWD via <F9=Change password> immediately after logon. Tom
    125,585 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.

Following

Share this item with your network: