Manage Learn to apply best practices and optimize your operations.

Why are the user passwords getting disabled?

Security expert Carol Woodbury explains the differences between the error messages CPF2234 and CPF1393. She also explains how these errors can be avoided.

We frequently have user passwords disabled by the system. Why is it that I sometimes get the error message CPF2234 and other times I get the error message CPF1393? For the life of me, I am baffled as to why the system disables this user. I think the different error messages hold the key.
CPF2234 says that a user has entered a password that isn't valid. CPF1393 is saying that the profile has been disabled because the user entered an invalid password the number of times specified in the QMAXSIGN system value. When that number is reached, the action specified in the QMAXSGNACN is taken. For a user profile to be disabled, the system value must specify either 2 or 3. Besides a user physically entering an incorrect password on a sign-on screen, profiles can be disabled when trying to map a drive to a share in the IFS. How does this happen? When the user initially maps the drive, they leave the box checked that says "Reconnect at sign on." Then, when the user changes their password on the iSeries but doesn't change it in Windows a password mismatch occurs and the profile can get disabled.

Dig Deeper on iSeries system and application security