Verifying passwords when changing password levels
Before changing the Password level (QPWDLVL) system value, verify that your user profiles contain passwords for the level you want to change to.
To analyze the profiles on your system, use one of the following methods:
- The first method is to use the PRTUSRPRF (Print User Profile) command.
When this command is used with the *PWDLVL value for the TYPE parameter, a
report is built that contains a list of all the profiles on the system and
indicates if the profile has a password for QPWDLVL 0, 1, 2, or 3. Complete
the following steps to analyze your system:
- Type PRTUSRPRF TYPE(*PWDLVL).
- Type WRKSPLF (Work with spooled file).
- Type 5 (Display) next to the filename of the report. The filename will always be QPSECUSR.
- View the report to determine which profiles have passwords for the Password level you want to change to.
- The second method is to use the output from the DSPUSRPRF (Display User
Profile) command. The DSPUSRPRF command can be used to direct user profile
information for every profile on the system to an outfile. The populated outfile
can be used in an application or in an interactive SQL SELECT statement to
determine which profiles have passwords for the QPWDLVL you want to change
to. Complete the following steps to analyze your system:
- When you want to get the information for all the profiles on the system,
you must direct the output from the DSPUSRPRF command to an outfile. When
the value for the TYPE parameter is *BASIC, the outfile must be the same format
as the IBM® model
outfile QSYS/QADSPUPB. There are two fields in the target outfile that contain
the desired information. The field names are UPENPW (Y indicates
the user has a password for QPWDLVL 0 and 1) and UPENPH (Y indicates the user
has a password for password level 2 and 3).
If the outfile specified on the DSPUSRPRF command does not exist when the command is issued, the command will create the file. If the file exists when the DSPUSRPRF command is issued, it must be the same format as the model outfile QSYS/QADSPUPB. It is a good idea to create the target outfile before you issue the DSPUSRPRF command. The following step is recommended, but not always required:
CRTDUPOBJ OBJ(QADSPUPB) FROMLIB(QSYS) OBJTYPE(*FILE) TOLIB(1111) NEWOBJ(nnnn)
Where 1111 is the name of an existing library where you want the target outfile to go and nnnn is the name of the target outfile.
- If you have a large number of profiles on your system, the outfile might
not hold all of the data. To ensure the outfile can handle all the data, issue
the following CHGPF (Change Physical File) command against the file you just
created:
CHGPF FILE(1111/nnnn) SIZE(*NOMAX)
- Use the DSPUSRPRF command to collect the data for all the profiles on
your system:
DSPUSRPRF USRPRF(*ALL) TYPE(*BASIC) OUTPUT(*OUTFILE) OUTFILE(1111/nnnn)
- If you want to use an interactive SQL SELECT statement to examine
the profiles for valid passwords, use the following commands:
- Type STRSQL.
- Type SELECT UPUPRF, UPENPW, UPENPH FROM 1111/nnnn.
OR
You can write an application that extracts the UPENPW and UPENPH field data from your target outfile.
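One way to write such an application, as an added example that is not part of the original documentation: it lists the profiles that have no password for the level you want to change to. The outfile is simulated here with constructed rows in an in-memory SQLite table, and the function names are hypothetical.

```python
import sqlite3

# Constructed sample rows standing in for the DSPUSRPRF outfile. Not real profiles.
# UPUPRF = profile name
# UPENPW = Y if the profile has a password for QPWDLVL 0 and 1
# UPENPH = Y if the profile has a password for QPWDLVL 2 and 3
SAMPLE_ROWS = [
    ("ALICE", "Y", "Y"),
    ("BOB", "Y", "N"),
    ("CAROL", "N", "Y"),
    ("SVCBATCH", "N", "N"),
]

# Outfile field that answers the question for each target password level.
FIELD_FOR_LEVEL = {0: "UPENPW", 1: "UPENPW", 2: "UPENPH", 3: "UPENPH"}


def load_outfile(rows):
    """Build an in-memory stand-in for the target outfile (assumption: only
    the three fields used on this page are modelled)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE outfile (UPUPRF TEXT, UPENPW TEXT, UPENPH TEXT)")
    db.executemany("INSERT INTO outfile VALUES (?, ?, ?)", rows)
    return db


def profiles_missing_password(db, target_level):
    """Return (profile, other_flag) for every profile without a password for
    target_level. other_flag is the Y/N value of the field for the other pair
    of levels, so profiles with no password at all stand out as 'N'."""
    field = FIELD_FOR_LEVEL[target_level]  # KeyError for an invalid level
    other = "UPENPH" if field == "UPENPW" else "UPENPW"
    # Field names come from the fixed mapping above, never from user input.
    # COALESCE treats a missing value the same as "not Y".
    sql = (
        f"SELECT UPUPRF, {other} FROM outfile "
        f"WHERE COALESCE({field}, '') <> 'Y' ORDER BY UPUPRF"
    )
    return db.execute(sql).fetchall()


if __name__ == "__main__":
    db = load_outfile(SAMPLE_ROWS)
    for level in (0, 1, 2, 3):
        missing = profiles_missing_password(db, level)
        print(f"QPWDLVL {level}: no password for this level -> {missing}")
```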