You have a couple of options. You could write a command (i.e. RSTPWD) that front-ends the CHGUSRPRF command and only has two parameters -- the profile name and new password name. Under the covers it hard-codes the Status parameter to be *ENABLED as well as the password expired parameter. That way, you can be assured that the password will always have to be changed the next time the user signs on.
Another solution is to write a command that uses the QSYCHGPW API (Change Password) API. The password is checked against the password composition system values.
Obviously you will want to secure these commands from general use.
================================== MORE INFORMATION ON THIS TOPIC ==================================
The Best Web Links: tips, tutorials and more.
Search400's targeted search engine: Get relevant information on security.
Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.
Check out this Search400.com Featured Topic: Top ten security tips
This was first published in February 2004