Unconfigured Ad Widget

Collapse

Announcement

Collapse
No announcement yet.

definin a UserId Password

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • definin a UserId Password

    There are several system values that should handle this without the need for a clp. They all start with QPWD....If you do resolve that a CLP is neceassary, I would recommend registering the clp as an exit point program that is called whenever a user profile is created.

  • #2
    definin a UserId Password

    A couple of thoughts. ANZDFTPWD will list all existing profiles where the password is the same as the user profile. As far as creating a profile, you could change the command default on the CRTUSRPRF to make the password a constant and the PWDEXP always *YES. The security risk on this, though, is someone knowing what the new default is, could sign on as that person and change their password before the real person ever signed on. QPWDMINLEN and QPWDMAXLEN control the length of the password -- BUT -- this is only in effect when the password is being changed via CHGPWD. Using the CRTUSRPRF or the CHGUSRPF the password does not need to conform to the rules as set forth by the sytem values.

    Comment


    • #3
      definin a UserId Password

      I got a request to make one CLP program where the password of the user id should be other than user id (default password) while creating a user id also the password should contain defined length ex 8characters.. Please some one get me your suggestion .. Thanks Bala

      Comment


      • #4
        definin a UserId Password

        I have a concern about creating a program that creates profiles. First, there are many areas within the profile that will need to be defined, for example, user class, initial menu, initial program, job description (and location/library), just to name a few. Now, one could establish some guidelines around these and finally make the program a bit more intelligent and complex. But, you're vulnerable. The program you just created to create profiles requires authority to create the profile and other objects if you make the program complex (job descriptions, output queues, etc). I would recommend a policy and procedure where HR sends an IT request that has a 'fill in the blanks' form and you (or the security officer or security admin) create the profile expired and send a message back to HR (or the new hire). Just an idea and at a very high-level overview with opinion. Have fun.

        Comment

        Working...
        X