I'm trying to figure out a way to test all user profiles to make sure the user profile does not match the password, e.g. USERID = QSECOFR Password = QSECOFR. I've explored various API's and functions, and cannot find a way to do this programically. We have several thousand userid's, so to do this manually will take some time. This request came from our auditors by the way. Anyone have any ideas on how to accomplish this task?

Jim, Have a look at menu SECTOOLS - option 1: Analyze default passwords (ANZDFTPWD)will do exactly what you want. If you want to write your own program to do the check the security API QSYGETPH (Get profile handle), which allows for password validation - be sure to read the documentation carefully though; there are a couple of things to take into consideration (authority required, possible user profile disabling, etc.). Best regards, Carsten Flensburg

As stated, ANZDFTPWD already does this, and I feel it does it quite well. It is one of the standard things I run on passwords about every two months. Regards, Jim Langston

Thanks, Carsten! I just ran it and caught 36 enabled user profiles using the default password. Many of them were added from corporate headquarters by their I.S. staff, incidentally. Hmmm. Expired them all.