TAA Tools

 CHGPWDA         CHANGE PASSWORD ATTRIBUTES             TAASEEW

 The Change  Password  Attributes command  provides separate  parameters
 for each  of the QPWDxxx system  values.  A prompt  override program is
 used  to prime the parameter  values so that you  may key over existing
 values.  You must have  *ALLOBJ and *SECADM special authorities  to use
 CHGPWDA.

 Note that  the system values are not  checked during the use  of CRT or
 CHGUSRPRF.    They  are checked  by  the CHGPWD  command  which  is the
 function used  when  the  user must  enter  a new  password  at  signon
 because the old password has expired.

 A typical command would be entered as:

              CHGPWDA

 The  command  prompt  would  appear with  the  current  values  of  the
 QPWDxxx system values.

 The  default for  all the parameters  is *SAME,  but this is  not shown
 because of the prompt override program.

 When the  Enter  key is  pressed,  each  value passed  to  the  Command
 Processing Program is  compared against the  current system value.   If
 a  difference exists,  the system  value is  changed  and a  message is
 sent.   A  summary message  is sent  describing how many  system values
 were changed and not changed.

 CHGPWDA escape messages you can monitor for
 --------------------------------------------

 None.  Escape messages from based on functions will be re-sent.

 Command parameters                                    *CMD
 ------------------

    QPWDPWDBLK    The number  of  days the  password  should be  blocked
                  from  making a  change.   The  CHGUSRPRF command  does
                  not consider this value.

                  Enter  *NONE if  changes  are allowed  on the  same or
                  any day.

                  Enter 1-99 for the number  of days that passwords  may
                  not be changed.

    QPWDEXPITV    The  password expiration  interval.   Enter *NOMAX  if
                  passwords should never expire.

                  If  passwords should expire  in a number  of days from
                  the last change, enter the  number of days in a  range
                  of 1 - 366.

                  If a  password has  expired, the  user will be  forced
                  to change to a new password at signon.

                  A   change   to  this   system   value  takes   effect
                  immediately.  The shipped value is *NOMAX.

                  The  default  value is  *SAME,  but the  current value
                  will  be  displayed  by  use  of  a   prompt  override
                  program.

    QPWDEXPWRN    The  password  expiration  warning  days.   A  message
                  will  be  sent  if  the  user  signs  on  and has  not
                  changed  his  password  within  the  number  of   days
                  specified.  A value of 1-99 may be entered.

    QPWDLMTAJC    Limit adjacent digits  in the password.   Enter '0' if
                  adjacent digits are allowed.

                  Enter  '1' if  adjacent digits are  not allowed.   For
                  example,  a  password  of   A11  or  A1223  would   be
                  invalid, but A123 would be valid.

                  A   change  to   this   system  value   takes   effect
                  immediately.  The shipped value is '0'.

                  The  default value  is  *SAME, but  the  current value
                  will   be  displayed  by  use  of  a  prompt  override
                  program.

    QPWDLMTCHR    Limit characters  in the password.   Enter '*NONE'  if
                  any character values are allowed in a password.

                  Enter  a  string  of  up  to 10  characters  that  are
                  considered  invalid in  a password.   For  example, if
                  'AB' is entered,  a password  of ABC, or  ACD, or  BCD
                  would be invalid.

                  A typical  use of this  parameter would be  to prevent
                  vowels  (A,E,I,O,U,Y) or  special characters  (such as
                  @,#,$) from being valid.

                  A  change   to   this  system   value   takes   effect
                  immediately.  The shipped value is *NONE.

                  The  default value  is *SAME,  but  the current  value
                  will  be  displayed   by  use  of  a  prompt  override
                  program.

    QPWDLMTREP    Limit  repeated  characters.   Enter  '0'  if repeated
                  characters are allowed.

                  Enter '1'  if  repeated  characters (anywhere  in  the
                  password) are  not allowed.   For example,  a password
                  of   ABA  or  AABC   would  be   invalid  because  the
                  character A  is repeated.   This  prevents words  like
                  APPLE or  SYSTEM from being  valid because one  of the
                  characters is repeated.

                  Enter  '2' if consecutive repeated  characters are not
                  allowed.   For  example, a  password  of AAA  or  ABBC
                  would  be invalid,  but  ABC  would  be valid.    This
                  prevents  words like  APPLE,  but allows  a  word like
                  SYSTEM.

                  A   change   to   this  system   value   takes  effect
                  immediately.  The shipped value is '0'.

                  The default  value  is *SAME,  but  the current  value
                  will  be  displayed  by   use  of  a  prompt  override
                  program.

    QPWDMINLEN    Minimum  length of  the password.   Enter  the minimum
                  length of the password that my be entered.

                  A  change   to   this  system   value   takes   effect
                  immediately.  The shipped value is 6.

                  The  default value  is *SAME,  but  the current  value
                  will  be   displayed  by  use  of  a  prompt  override
                  program.

    QPWDMAXLEN    Maximum length  of the  password.   Enter the  maximum
                  length  of the  password  that  my  be entered.    The
                  maximum for  the system is 10, but  some other systems
                  only allow 8.

                  A   change   to   this  system   value   takes  effect
                  immediately.  The shipped value is 8.

                  The default  value  is *SAME,  but the  current  value
                  will  be  displayed  by   use  of  a  prompt  override
                  program.

    QPWDPOSDIF    Limit  password  character positions.    Enter  '0' to
                  allow the  same  character  to  be used  in  the  same
                  position as in the old password.

                  Enter '1' to  require that a new password  not use the
                  same  character in  the same  position.   For example,
                  if the  current  password  is ABC,  the  new  password
                  cannot be ACB because  the character A is in  the same
                  position 1  of both passwords.  The  values BAC or CBA
                  would  also be invalid.   The values  BCA or CAB would
                  be valid.

                  Limiting  the character  positions  can  make  changes
                  from a  password such as APPLE to  a totally different
                  value  such  as  PRUNE  invalid  (E  is  in  the  same
                  position), but it  will also  prevent trivial  changes
                  such as APPLE1 to APPLE2.

                  A   change  to   this   system   value  takes   effect
                  immediately.  The shipped value is '0'.

                  The  default  value is  *SAME, but  the  current value
                  will  be  displayed  by  use  of  a  prompt   override
                  program.

    QPWDRQDDGT    Require  a  digit.    Enter  '0'   if  no  digits  are
                  required.

                  Enter  '1' if  at least  one digit  is required.   For
                  example,  ABC  would be  invalid,  but ABC1,  A1BC, or
                  A12BC would be valid.

                  A  change   to   this   system  value   takes   effect
                  immediately.  The shipped value is '0'.

                  The  default value  is  *SAME, but  the current  value
                  will  be   displayed  by  use  of  a  prompt  override
                  program.

    QPWDRQDDIF    Duplicate   password   control   (Require    different
                  passwords).   Enter '0'  if passwords  used previously
                  for  a user are allowed  to be re-used.   For example,
                  if the  users  first password  is  APPLE and  then  is
                  changed to  FOUNTAIN, the  user can  re-use APPLE  the
                  next time a password is changed.

                  The  following  values   may  be  entered  to  prevent
                  re-use of an old password previously used by a user:

                     1 = Cannot be the same as the last 32 passwords
                     2 = Cannot be the same as the last 24 passwords
                     3 = Cannot be the same as the last 18 passwords
                     4 = Cannot be the same as the last 12 passwords
                     5 = Cannot be the same as the last 10 passwords
                     6 = Cannot be the same as the last 8 passwords
                     7 = Cannot be the same as the last 6 passwords
                     8 = Cannot be the same as the last 4 passwords

                  The  default  value is  *SAME,  but the  current value
                  will  be  displayed  by  use  of   a  prompt  override
                  program.

    QPWDVLDPGM    Password  validation program.   *NONE  is the  default
                  meaning there is no password validation program.

                  A  password  validation  program  and  library may  be
                  entered  to  allow  a  user  program  to  process  the
                  proposed new  password.  For  example, you  might want
                  to  enforce  your  own  password  validation rules  or
                  prevent 'blue' words from being used.

                  Both the  program and  library  name must  be  entered
                  and the  program must exist.   For  an example of  how
                  to  write a  password validation  program,  use DSPTAA
                  of the TAASECCC2 program.

                  A   change   to   this  system   value   takes  effect
                  immediately.  The shipped value is *NONE.

                  The default  value  is *SAME,  but the  current  value
                  will  be  displayed  by   use  of  a  prompt  override
                  program.

    QPWDLVL       Password level.

                  0 = Password lengths are 1 - 10.

                  1  = Password  lengths are  1 -  10.   i5/OS NetServer
                  passwords  for  Windows   95/98/ME  clients  will   be
                  removed from the system.

                  2 = Password lengths are 1 - 128.

                  3 =  Password lengths  are 1 -  128.   i5/OS NetServer
                  passwords   for  Windows  95/98/ME   clients  will  be
                  removed from the system.

                  A change  to this  system value  takes effect  at  the
                  next IPL.  To  see the pending value (if  one exists),
                  use DSPSECA.  The shipped value is 0.

                  The  default value  is  *SAME, but  the  current value
                  will   be  displayed  by  use  of  a  prompt  override
                  program.

 Restrictions
 ------------

 You must have *ALLOBJ  and *SECADM special authorities to  use CHGPWDA.

 The system values are not used for CRT or CHGUSRPRF.

 The QPWDRULES system value is not supported.

 Prerequisites
 -------------

 The following TAA Tools must be on your system:

      CHKALLOBJ       Check *ALLOBJ special authority
      CHKOBJ3         Check object 3
      CHKSECADM       Check *SECADM special authority
      EDTVAR          Edit variable
      SNDCOMPMSG      Send completion message
      SNDESCMSG       Send escape message

 Implementation
 --------------

 None, the tool is ready to use.

 Objects used by the tool
 ------------------------

    Object        Type    Attribute      Src member    Src file
    ------        ----    ---------      ----------    ----------

    CHGPWDA       *CMD                   TAASEEW       QATTCMD
    TAASEEWC      *PGM       CLP         TAASEEWC      QATTCL
    TAASEEWC2     *PGM       CLP         TAASEEWC2     QATTCL

 TAASEEWC2 is the prompt override program.

Added to TAA Productivity Tools April 23, 2001


Home Page

Last modified on November 19, 2014 © 1995, 2014 - TAA Tools, Inc.