Unconfigured Ad Widget

**Guest.Visitor** · 11-16-1999, 08:38 AM

Password Change from windows

I found my answer, here it is for anyone who doesn't already know of this one. I created a password validation program that I put in the system value "qpwdvldpgm". The parms passed in are "new password, old password, return code, and user). I just check for the users I want to stop. It works on the as/400 and from windows...

**Guest.Visitor** · 11-16-1999, 09:22 AM

Password Change from windows

Is there an easy way to stop the ability for users to change the AS/400 passwords through the "change password options" in the control panel. Everyone here uses the same profile and password to log on to client access, although they use their own for the actual AS/400 signon. The problem is when someone gets the bright idea to change the password through the PC no one can sign on. I know, or at least I think, this is not the best seniero for security, or the best in general practice, but some battles are better left for another day. For now I am just looking for a way to stop users from changing the password from the PC Another option you have is to use the Windows System Policy Editor. You can control password changes and such with the CA/400 plug-in for that. There was an article on how to use it in the Mar/Apr 99 issue of AS/400 Network Expert technical journal.

**Guest.Visitor** · 11-16-1999, 11:17 AM

Password Change from windows

A password validation program? What a great way to collect passwords!! I hope you have the appropriate security on it . . . Good luck, Steve

**Guest.Visitor** · 11-16-1999, 12:47 PM

Password Change from windows

No Problem, already taken care of... The first thing the documentation tells you is that the data is passed with the passwords in plain text. But of course anyone using client access on a network could have a problem if someone were to analyze the traffic over the lines too. Plus at the company I am at now 90% of the people share the same profile so it does not much matter, all the programs are secured by device. And no one is ever required to change their passwords. The only passwords you would see is the one everyone knows and you don't want changed!

But it was taken care of none the less... Now qsecofr and programmer passwords, That is a different story... My only question to the person in charge of security here is: Can you say security?

**Guest.Visitor** · 11-17-1999, 02:49 PM

Password Change from windows

WOW! Greg, you want a thrill? open up a dos window and type:'ftp my_system_name or my_system_ip_address' after you log in, check out what you can see using the ftp commands like 'cd payrollib' or 'dir' or 'mkdir hacker' or 'put c:autoexec.bat production/custfile' if you don't have ip, use cleint access file transfer to read or change files. it's too simple. ca/400 also adds an odbc driver to m$ excel. from there even a lamer is just 4 or 5 mouse clicks from reading secret as/400 data. if you try to secure your programs to devices your always goign to have a hole a mile wide that pcs can barrell right thru. you have to secure your files against all those computers on the network too ya know.

**Guest.Visitor** · 11-18-1999, 05:32 AM

Password Change from windows

I hear you! I am one for a secure system, which this one I am on now is NOT. I have always used object level security, everyone (most of the time) had their own profiles, users only could get to what they needed etc.. The network was secured with exit programs on ALL the servers including FTP. One day here someone will do something, intentionally or not, that will be severe enough to demand those who dictate the priorities to place security closer to the top of the list if not on top. Right now security is just someone who makes sure you did not park in the wrong parking space.

**Guest.Visitor** · 01-12-2000, 07:11 AM

Password Change from windows

Greg, I tried to do a trace from within CA but had no luck. We are currently journaling, so I checked out the journal entries after performing the password change from within the Control Panel. I found out that the process of changing the password in Control Panel hits two programs on the AS/400. The programs are QZSOSGND and QZSOSIGN. I then went on the AS/400 side and changed the object authority on the program QZSOSIGN for the public entry to *EXCLUDE. I made sure that I could change the password using the CHGPWD command on the AS/400 side and it worked with no problem. I went through the process of changing the passwords from within the Control Panel and the process failed with an error. I still want to check with IBM and see if this change affects anything else. I'll add another entry if they warn me against this. Check ya later.

**Guest.Visitor** · 01-12-2000, 11:36 AM

Password Change from windows

Well, I had a little bit of a problem. IBM informs me that this will virtually eliminate anyone from signing onto the AS400 from Client Access. It seems that this is the Client Access user and password validation program. I thought I tested everything - but I forgot to signoff and sign back on within Client Access.

**Guest.Visitor** · 02-29-2000, 11:48 AM

Password Change from windows

Perhaps you could help me with this question.. on passwords.. I have a user who has a 5 digit log in.. and that was also the password..but, we have a time limit on changing passwords and this person has to change thier password.. so I go in to change it .. thinking simple thing.. right?? but, it meaning the computer will not let me change anything because it says the current password is only 5 digits.. not 6.. how can I get around that???

**Guest.Visitor** · 02-29-2000, 12:11 PM

Password Change from windows

Brenda, Change the System Value for QPWDMINLEN (password minimum length) from 6 to 5 characters. Regards. Jack

**Guest.Visitor** · 02-29-2000, 12:16 PM

Password Change from windows

. . . or change the password with the CHGUSRPRF command rather than CHGPWD. HTH, Steve

**Guest.Visitor** · 03-01-2000, 11:22 AM

Password Change from windows

Wow. The auditors in my company would have a field day at your site. They'd be drooling on the way in.

**Guest.Visitor** · 03-01-2000, 11:26 AM

Password Change from windows

jj, You found that hole too. That one surprised me. I argued against the vendor of software designed to close that hole. I was vehement that no one could get into my machines that way until I tried it. I now have their software running. It closes the hole, sometimes too well. Regards.

Unconfigured Ad Widget

Announcement

Password Change from windows

Password Change from windows

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment