TAA Tools
CHGPWDA         CHANGE PASSWORD ATTRIBUTES             TAASEEW

The Change  Password  Attributes command  provides separate  parameters
for each  of the QPWDxxx system  values.  A prompt  override program is
used  to prime the parameter  values so that you  may key over existing
values.  You must have  *ALLOBJ and *SECADM special authorities  to use
CHGPWDA.

Note that  the system values are not  checked during the use  of CRT or
CHGUSRPRF.    They  are checked  by  the CHGPWD  command  which  is the
function used  when  the  user must  enter  a new  password  at  signon
because the old password has expired.

A typical command would be entered as:

             CHGPWDA

The  command  prompt  would  appear with  the  current  values  of  the
QPWDxxx system values.

The  default for  all the parameters  is *SAME,  but this is  not shown
because of the prompt override program.

When the  Enter  key is  pressed,  each  value passed  to  the  Command
Processing Program is  compared against the  current system value.   If
a  difference exists,  the system  value is  changed  and a  message is
sent.   A  summary message  is sent  describing how many  system values
were changed and not changed.

CHGPWDA escape messages you can monitor for
--------------------------------------------

None.  Escape messages from based on functions will be re-sent.

Command parameters                                    *CMD
------------------

   QPWDPWDBLK    The number  of  days the  password  should be  blocked
                 from  making a  change.   The  CHGUSRPRF command  does
                 not consider this value.

                 Enter  *NONE if  changes  are allowed  on the  same or
                 any day.

                 Enter 1-99 for the number  of days that passwords  may
                 not be changed.

   QPWDEXPITV    The  password expiration  interval.   Enter *NOMAX  if
                 passwords should never expire.

                 If  passwords should expire  in a number  of days from
                 the last change, enter the  number of days in a  range
                 of 1 - 366.

                 If a  password has  expired, the  user will be  forced
                 to change to a new password at signon.

                 A   change   to  this   system   value  takes   effect
                 immediately.  The shipped value is *NOMAX.

                 The  default  value is  *SAME,  but the  current value
                 will  be  displayed  by  use  of  a   prompt  override
                 program.

   QPWDEXPWRN    The  password  expiration  warning  days.   A  message
                 will  be  sent  if  the  user  signs  on  and has  not
                 changed  his  password  within  the  number  of   days
                 specified.  A value of 1-99 may be entered.

   QPWDLMTAJC    Limit adjacent digits  in the password.   Enter '0' if
                 adjacent digits are allowed.

                 Enter  '1' if  adjacent digits are  not allowed.   For
                 example,  a  password  of   A11  or  A1223  would   be
                 invalid, but A123 would be valid.

                 A   change  to   this   system  value   takes   effect
                 immediately.  The shipped value is '0'.

                 The  default value  is  *SAME, but  the  current value
                 will   be  displayed  by  use  of  a  prompt  override
                 program.

   QPWDLMTCHR    Limit characters  in the password.   Enter '*NONE'  if
                 any character values are allowed in a password.

                 Enter  a  string  of  up  to 10  characters  that  are
                 considered  invalid in  a password.   For  example, if
                 'AB' is entered,  a password  of ABC, or  ACD, or  BCD
                 would be invalid.

                 A typical  use of this  parameter would be  to prevent
                 vowels  (A,E,I,O,U,Y) or  special characters  (such as
                 @,#,$) from being valid.

                 A  change   to   this  system   value   takes   effect
                 immediately.  The shipped value is *NONE.

                 The  default value  is *SAME,  but  the current  value
                 will  be  displayed   by  use  of  a  prompt  override
                 program.

   QPWDLMTREP    Limit  repeated  characters.   Enter  '0'  if repeated
                 characters are allowed.

                 Enter '1'  if  repeated  characters (anywhere  in  the
                 password) are  not allowed.   For example,  a password
                 of   ABA  or  AABC   would  be   invalid  because  the
                 character A  is repeated.   This  prevents words  like
                 APPLE or  SYSTEM from being  valid because one  of the
                 characters is repeated.

                 Enter  '2' if consecutive repeated  characters are not
                 allowed.   For  example, a  password  of AAA  or  ABBC
                 would  be invalid,  but  ABC  would  be valid.    This
                 prevents  words like  APPLE,  but allows  a  word like
                 SYSTEM.

                 A   change   to   this  system   value   takes  effect
                 immediately.  The shipped value is '0'.

                 The default  value  is *SAME,  but  the current  value
                 will  be  displayed  by   use  of  a  prompt  override
                 program.

   QPWDMINLEN    Minimum  length of  the password.   Enter  the minimum
                 length of the password that my be entered.

                 A  change   to   this  system   value   takes   effect
                 immediately.  The shipped value is 6.

                 The  default value  is *SAME,  but  the current  value
                 will  be   displayed  by  use  of  a  prompt  override
                 program.

   QPWDMAXLEN    Maximum length  of the  password.   Enter the  maximum
                 length  of the  password  that  my  be entered.    The
                 maximum for  the system is 10, but  some other systems
                 only allow 8.

                 A   change   to   this  system   value   takes  effect
                 immediately.  The shipped value is 8.

                 The default  value  is *SAME,  but the  current  value
                 will  be  displayed  by   use  of  a  prompt  override
                 program.

   QPWDPOSDIF    Limit  password  character positions.    Enter  '0' to
                 allow the  same  character  to  be used  in  the  same
                 position as in the old password.

                 Enter '1' to  require that a new password  not use the
                 same  character in  the same  position.   For example,
                 if the  current  password  is ABC,  the  new  password
                 cannot be ACB because  the character A is in  the same
                 position 1  of both passwords.  The  values BAC or CBA
                 would  also be invalid.   The values  BCA or CAB would
                 be valid.

                 Limiting  the character  positions  can  make  changes
                 from a  password such as APPLE to  a totally different
                 value  such  as  PRUNE  invalid  (E  is  in  the  same
                 position), but it  will also  prevent trivial  changes
                 such as APPLE1 to APPLE2.

                 A   change  to   this   system   value  takes   effect
                 immediately.  The shipped value is '0'.

                 The  default  value is  *SAME, but  the  current value
                 will  be  displayed  by  use  of  a  prompt   override
                 program.

   QPWDRQDDGT    Require  a  digit.    Enter  '0'   if  no  digits  are
                 required.

                 Enter  '1' if  at least  one digit  is required.   For
                 example,  ABC  would be  invalid,  but ABC1,  A1BC, or
                 A12BC would be valid.

                 A  change   to   this   system  value   takes   effect
                 immediately.  The shipped value is '0'.

                 The  default value  is  *SAME, but  the current  value
                 will  be   displayed  by  use  of  a  prompt  override
                 program.

   QPWDRQDDIF    Duplicate   password   control   (Require    different
                 passwords).   Enter '0'  if passwords  used previously
                 for  a user are allowed  to be re-used.   For example,
                 if the  users  first password  is  APPLE and  then  is
                 changed to  FOUNTAIN, the  user can  re-use APPLE  the
                 next time a password is changed.

                 The  following  values   may  be  entered  to  prevent
                 re-use of an old password previously used by a user:

                    1 = Cannot be the same as the last 32 passwords
                    2 = Cannot be the same as the last 24 passwords
                    3 = Cannot be the same as the last 18 passwords
                    4 = Cannot be the same as the last 12 passwords
                    5 = Cannot be the same as the last 10 passwords
                    6 = Cannot be the same as the last 8 passwords
                    7 = Cannot be the same as the last 6 passwords
                    8 = Cannot be the same as the last 4 passwords

                 The  default  value is  *SAME,  but the  current value
                 will  be  displayed  by  use  of   a  prompt  override
                 program.

   QPWDVLDPGM    Password  validation program.   *NONE  is the  default
                 meaning there is no password validation program.

                 A  password  validation  program  and  library may  be
                 entered  to  allow  a  user  program  to  process  the
                 proposed new  password.  For  example, you  might want
                 to  enforce  your  own  password  validation rules  or
                 prevent 'blue' words from being used.

                 Both the  program and  library  name must  be  entered
                 and the  program must exist.   For  an example of  how
                 to  write a  password validation  program,  use DSPTAA
                 of the TAASECCC2 program.

                 A   change   to   this  system   value   takes  effect
                 immediately.  The shipped value is *NONE.

                 The default  value  is *SAME,  but the  current  value
                 will  be  displayed  by   use  of  a  prompt  override
                 program.

   QPWDLVL       Password level.

                 0 = Password lengths are 1 - 10.

                 1  = Password  lengths are  1 -  10.   i5/OS NetServer
                 passwords  for  Windows   95/98/ME  clients  will   be
                 removed from the system.

                 2 = Password lengths are 1 - 128.

                 3 =  Password lengths  are 1 -  128.   i5/OS NetServer
                 passwords   for  Windows  95/98/ME   clients  will  be
                 removed from the system.

                 A change  to this  system value  takes effect  at  the
                 next IPL.  To  see the pending value (if  one exists),
                 use DSPSECA.  The shipped value is 0.

                 The  default value  is  *SAME, but  the  current value
                 will   be  displayed  by  use  of  a  prompt  override
                 program.

Restrictions
------------

You must have *ALLOBJ  and *SECADM special authorities to  use CHGPWDA.

The system values are not used for CRT or CHGUSRPRF.

The QPWDRULES system value is not supported.

Prerequisites
-------------

The following TAA Tools must be on your system:

     CHKALLOBJ       Check *ALLOBJ special authority
     CHKOBJ3         Check object 3
     CHKSECADM       Check *SECADM special authority
     EDTVAR          Edit variable
     SNDCOMPMSG      Send completion message
     SNDESCMSG       Send escape message

Implementation
--------------

None, the tool is ready to use.

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   CHGPWDA       *CMD                   TAASEEW       QATTCMD
   TAASEEWC      *PGM       CLP         TAASEEWC      QATTCL
   TAASEEWC2     *PGM       CLP         TAASEEWC2     QATTCL

TAASEEWC2 is the prompt override program.
					

Added to TAA Productivity tools April 23, 2001


Home Page Up to Top