QASECIDL was somehow turned on and attached to my iSeries security officer. Do you know how this could have happened? In addition, we use PentaSafe to help with our inactive users; our PentaSafe vendor is stating that there is no conflict between their product and whatever triggered QASECIDL. QASECIDL parm was set to "0001" which we have never set and that setting would not make sense in our environment.

We want to ensure that this does not happen again or on our other iSeries machines. Can we simply disable this program? If so, are there any conflicts that you are aware of?

I believe the job you are referring to is the QSECIDL1 job that gets scheduled when the Analyze Profile Activity (ANZPRFACT) command is run. This job looks at all user profiles on the system and if they have not been used in the specified time (in your case one day), OS/400 sets the profile to status *DISABLED. If you don't want this analysis to occur, run the ANZPRFACT command specifying *NOMAX for the number of inactive days and the job will be "unscheduled."

It's not clear to me which PentaSafe (now NetIQ) product you are using, but I am not aware of any of their products that uses or depends upon having run the ANZPRFACT command or having it remain as a scheduled job.

==================================
MORE INFORMATION ON THIS TOPIC
==================================

The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Check out this Search400.com Featured Topic: Top ten security tips

Visit the ITKnowledge Exchange and get answers to your security questions fast.

This was first published in February 2005

Back to top