New password-control security features for i5/OS V6R1

Rich Loeber

IBM's new i5/OS for System i will be available March 21. All reports so far indicate that this will be a major release. IBM has done a good job of previewing information about the release, especially the need for program conversion during the OS upgrade and the preparation that process requires. If you're considering a move to V6 and you haven't started down this road yet, you need to do it now.

Current documentation on V6 highlights new security features included in the release. You can start planning for three new system values now. All three involve password controls, which are always important considerations. Here is a recap of the new values and some information on each one.

QPWDCHGBLK: Block password change.
This new system value specifies the time period, in hours, during which a password is blocked from being changed after the prior successful password change was

More on i5/OS V6 and System i security: AS/400 security levels System i5/OS operating system due out in March New i5/OS features announced as anticipation mounts

made. A value between 1 and 99 is allowed, or you can keep things the way they are today by using the *None setting. This can be used to prevent users from changing their password to a new value and then changing it back to their old value. In earlier releases, this could also be handled by not allowing the same password to be used until N iterations had been processed, but a determined user could just change his password N times and get back to his favorite password rather quickly. This new value forces users to play by the rules.

QPWDEXPWRN: Password expiration warning.
This specifies the number of days before a password expiration warning message appears upon user sign-on. This provides better control over this warning feature than was available in previous releases and, if needed, allows for longer warning periods. The default value is seven days to conform to earlier processing, but it can be changed to any value between 1 and 99.

QPWDRULES: Password rules.
This system value allows for multiple entries to incorporate up to 24 sets of rules to be applied when passwords are validated by the system. These rules are applied when a password is created or changed. This consolidates all the password validation rules previously available into a single parameter setting and expands the validation rules with new sets of rules.

Other than these system values, V6 also supports several new options for capturing job audit information in the security journal and new exit points to make your system more secure. In future tips, I will explore both of these new options.

If you have any questions about anything included in this tip, you can reach me at rich@kisco.com. All email messages will be answered as quickly as possible.

---------------------------
ABOUT THE AUTHOR: Rich Loeber is president of Kisco Information Systems Inc. in Saranac Lake, N.Y. The company is a provider of various security products for the iSeries market.

Rate this Tip To rate tips, you must be a member of Search400.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT iSeries security tips Is your AS/400 secure?: How a hacker could get valuable information from your system System i security report round-up A guide to System i security, part 2: Landing and establishing access Creating a System i database security policy: Implementation A guide to System i security: Descending into the heart of darkness of IT security Creating a System i database security policy: First steps Enhancements in the intrusion detection system for i5/OS V6R1 Six common System i security lapses Working with exit programs in i5/OS V6 Fill in your System i security knowledge gaps iSeries system upgrades and compatibility Is i5/OS V6R1 in your System i shop's future i5/OS Enhancements in the intrusion detection system for i5/OS V6R1 The enhanced DB2 inside i5/OS V6R1 Is i5/OS V6R1 in your System i shop's future New i5/OS features announced as anticipation mounts Using indexes on DB2 for i5/OS to improve performance IBM previews new version of i5/OS for System i IBM System i division filing for divorce IBM eyes SMBs with entry-level System i boxes iSeries i5/OS: Top 10 Q&As iSeries i5/OS: Top 10 Q&As i5/OS Research RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary AS/400  (Search400.com) i5/OS  (Search400.com) iSeries  (Search400.com) OS/400  (Search400.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.