New password-control security features for i5/OS V6R1

The new version of i5/OS for System i includes three notable new password-control security features. Here we outline the new V6R1 system values and their potential for enhancing system security.

Rich Loeber

IBM's new i5/OS for System i will be available March 21. All reports so far indicate that this will be a major release. IBM has done a good job of previewing information about the release, especially the need for program conversion during the OS upgrade and the preparation that process requires. If you're considering a move to V6 and you haven't started down this road yet, you need to do it now.

Current documentation on V6 highlights new security features included in the release. You can start planning for three new system values now. All three involve password controls, which are always important considerations. Here is a recap of the new values and some information on each one.

QPWDCHGBLK: Block password change.
This new system value specifies the time period, in hours, during which a password is blocked from being changed after the prior successful password change was made. A value between 1 and 99 is allowed, or you can keep things the way they are today by using the *NONE setting. This can be used to prevent users from changing their password to a new value and then changing it back to their old value. In earlier releases, this could also be handled by not allowing the same password to be used until N iterations had been processed, but a determined user could just change his password N times and get back to his favorite password rather quickly. This new value forces users to play by the rules.
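The interplay described above, as an added example that is not part of the original article and is not IBM code: a simplified Python model of a reuse-history rule combined with a change-block window. The names `PasswordPolicy` and `hours_to_recycle`, the history depth of 8 and the sample password are assumptions chosen for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

class PasswordPolicy:
    """Simplified model, not i5/OS code: reuse history plus a change block."""

    def __init__(self, history_depth, block_hours=None):
        # block_hours=None models *NONE; otherwise 1-99 hours, as for QPWDCHGBLK.
        if block_hours is not None and not 1 <= block_hours <= 99:
            raise ValueError("block_hours must be None or 1..99")
        self.history = deque(maxlen=history_depth)  # last N passwords
        self.block = timedelta(hours=block_hours) if block_hours else None
        self.last_change = None

    def change(self, new_password, now):
        if self.block and self.last_change and now - self.last_change < self.block:
            return "blocked"   # inside the change-block window
        if new_password in self.history:
            return "reused"    # still within the last N passwords
        self.history.append(new_password)
        self.last_change = now
        return "ok"

def hours_to_recycle(policy, favourite, start):
    """Return (hours elapsed, throwaway changes) before `favourite` is accepted again."""
    now, throwaways = start, 0
    policy.change(favourite, now)            # user starts on the favourite password
    while True:
        result = policy.change(favourite, now)
        if result == "ok":
            return (now - start) / timedelta(hours=1), throwaways
        if result == "blocked":
            now = policy.last_change + policy.block   # wait out the block
            continue
        throwaways += 1                      # "reused": burn one history slot
        policy.change(f"throwaway-{throwaways}", now)

if __name__ == "__main__":
    t0 = datetime(2008, 3, 21, 9, 0)         # constructed start time
    print(hours_to_recycle(PasswordPolicy(8), "Fav0rite", t0))        # (0.0, 8)
    print(hours_to_recycle(PasswordPolicy(8, 24), "Fav0rite", t0))    # (216.0, 8)
```

In this model, a history rule alone lets the user return to the old password with no waiting at all, while adding a 24-hour block stretches the same eight throwaway changes over nine days.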

QPWDEXPWRN: Password expiration warning.
This specifies the number of days before a password expiration warning message appears upon user sign-on. This provides better control over this warning feature than was available in previous releases and, if needed, allows for longer warning periods. The default value is seven days to conform to earlier processing, but it can be changed to any value between 1 and 99.

QPWDRULES: Password rules.
This system value allows for multiple entries to incorporate up to 24 sets of rules to be applied when passwords are validated by the system. These rules are applied when a password is created or changed. This consolidates all the password validation rules previously available into a single parameter setting and expands the validation rules with new sets of rules.

Other than these system values, V6 also supports several new options for capturing job audit information in the security journal and new exit points to make your system more secure. In future tips, I will explore both of these new options.

If you have any questions about anything included in this tip, you can reach me at All email messages will be answered as quickly as possible.

ABOUT THE AUTHOR: Rich Loeber is president of Kisco Information Systems Inc. in Saranac Lake, N.Y. The company is a provider of various security products for the iSeries market.
