IBM Support

QPWDLVL - Password Level

Troubleshooting


Problem

This document provides information about the password level system value.

Resolving The Problem

Beginning at V5R1M0, the password level of the system can be set to allow for user profile passwords from 1 to 10 characters or to allow for user profile passwords from 1 to 128 characters.

The password level can be set to allow a passphrase as the password value. The term passphrase can be described as a password value that can be very long and has few, if any, restrictions on the characters used in the password value. Blanks can be used between letters in a passphrase, which allows you to have a password value that is a sentence or sentence fragment. The only restrictions on a passphrase are that it cannot start with an asterisk ( * ) and trailing blanks are removed.

Before changing the password level of your system, review the section Planning Password Level Changes in Chapter 7 of the Security Reference manual. This section provides considerations that should be addressed before changing this system value.

Notes:
1. The shipped value is ‘0’.
2. A user must have *ALLOBJ and *SECADM special authority to change this system value.
3. An IPL is required for the system value change to take effect.
4. This only pertains to OS/400 passwords. The QPWDLVL system value is not related to Service Tools (SST/DST) user IDs and passwords.

Possible Values for the QPWDLVL System Value:
0 The system supports user profile passwords with a length of 1-10 characters. The allowable characters are A-Z, 0-9 and characters $, @, # and underline.

- QPWDLVL 0 should be used if your system communicates with other System i platforms in a network and those systems are running with either a QPWDLVL value of 0 or an operating system release less than V5R1M0.

- QPWDLVL 0 should be used if your system communicates with any other system that limits the length of passwords from 1-10 characters.

- QPWDLVL 0 must be used if your system communicates with the i5/OS Support for Windows Network Neighborhood (i5/OS NetServer™) product and your system communicates with other systems using passwords from 1-10 characters.

When the QPWDLVL value of the system is set to 0, the operating system will create the encrypted password for use at QPWDLVL 2 and 3. The password value that can be used at QPWDLVL 2 and 3 will be the same password as is being used at QPWDLVL 0 or 1.

1 QPWDLVL 1 is the equivalent support of QPWDLVL 0 with the following exception: i5/OS NetServer passwords for Windows 95/98/ME clients will be removed from the system. Note: The i5/OS NetServer product will work with Windows NT/2000/XP/Vista clients when the password level is 1 or 3.

Unless the Windows 95/98/ME clients are configured to use NTLMv2 passwords, you cannot use QPWDLVL value 1 to connect those clients to the i5/OS NetServer product. QPWDLVL 1 improves the security of System i platforms by removing all LAN manager passwords from the system.

2 The system supports user profile passwords from 1-128 characters. Uppercase and lowercase characters are allowed. Passwords can consist of any character and the password will be case sensitive. QPWDLVL 2 is viewed as a compatibility level. This level allows for a move back to QPWDLVL 0 or 1 as long as the password created on QPWDLVL 2 or 3 meets the length and syntax requirements of a password valid on QPWDLVL 0 or 1.

- QPWDLVL 2 can be used if your system communicates with the i5/OS Support for Windows Network Neighborhood (i5/OS NetServer) product as long as your password is 1-14 characters in length.

- QPWDLVL 2 cannot be used if your system communicates with other System i platforms in a network and those systems are running with either a QPWDLVL value of 0 or 1 or an operating system release less than V5R1M0.

- QPWDLVL 2 cannot be used if your system communicates with any other system that limits the length of passwords from 1-10 characters.

No encrypted passwords are removed from the system when QPWDLVL is changed to 2.

3 The system supports user profile passwords from 1-128 characters. Uppercase and lowercase characters are allowed. Passwords can consist of any character and the password will be case sensitive.

- QPWDLVL 3 cannot be used if your system communicates with other System i platforms in a network and those systems are running with either a QPWDLVL value of 0 or 1 or an operating system release less than V5R1M0.

- QPWDLVL 3 is the equivalent support of QPWDLVL 2 with the following exception: i5/OS NetServer passwords for Windows 95/98/ME clients will be removed from the system. Note: The i5/OS NetServer product will work with Windows NT/2000/XP/Vista clients when the password level is 1 or 3.

Unless the Windows 95/98/ME clients are configured to use NTLMv2 passwords, you cannot use QPWDLVL value 3 to connect those clients to the i5/OS NetServer product. QPWDLVL 3 improves the security of System i platforms by removing all LAN manager passwords from the system.
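
The length and character rules above can be checked against candidate password values before a level change is planned. The following Python sketch is an added example, not IBM code: it applies only the rules stated in this document (the passphrase restrictions, the level 0/1 character set matched literally as listed, the move-back condition from level 2, and the 1-14 character NetServer limit at level 2). All function names and sample values are hypothetical and constructed for illustration.

```python
import re

# Character set this page lists for QPWDLVL 0 and 1 (matched literally, uppercase only).
LEVEL01_CHARS = re.compile(r"[A-Z0-9$@#_]*")

# Constructed sample values for illustration only.
SAMPLES = ["MAPLE_2024", "Maple Syrup 2024", "*ADMIN", "Blue sky 7  "]

def normalize(value):
    """Trailing blanks are removed from a passphrase (QPWDLVL 2 and 3)."""
    return value.rstrip(" ")

def problems(value, level):
    """Return the rules from this page that `value` breaks at the given QPWDLVL."""
    if level not in (0, 1, 2, 3):
        raise ValueError("QPWDLVL must be 0, 1, 2 or 3")
    found = []
    if level <= 1:
        if not 1 <= len(value) <= 10:
            found.append("length must be 1-10")
        if not LEVEL01_CHARS.fullmatch(value):
            found.append("only A-Z, 0-9, $, @, # and underline allowed")
    else:
        pw = normalize(value)
        if not 1 <= len(pw) <= 128:
            found.append("length must be 1-128")
        if pw.startswith("*"):
            found.append("cannot start with an asterisk")
    return found

def survives_fallback(value):
    """True if a level 2/3 password is still valid after moving back to level 0 or 1."""
    return not problems(value, 2) and not problems(normalize(value), 0)

def netserver_ok_at_level2(value):
    """At QPWDLVL 2 the page requires 1-14 characters for use with NetServer."""
    return not problems(value, 2) and len(normalize(value)) <= 14

def audit(candidates):
    """Map each value to (valid at 2/3, survives fallback to 0/1, NetServer-usable at 2)."""
    return {c: (not problems(c, 2), survives_fallback(c), netserver_ok_at_level2(c))
            for c in candidates}

if __name__ == "__main__":
    for value, result in audit(SAMPLES).items():
        print(repr(value), result)
```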

This information can be found online in the Information Center at the following Web site:

https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_73/rzahg/welcome.htm

Search on the system value QPWDLVL.

Additional Information - Changing the Signon Screen Display

The source code for the signon display file is shipped with the operating system. The source is shipped in file QSYS/QAWTSSRC. This source code can be changed to add text to the signon screen display. Field names and buffer lengths should not be changed.


Display File Source for the Sign-On Screen

The source for the sign-on display file is shipped as a member (QDSIGNON or QDSIGNON2) in the QSYS/QAWTSSRC physical file. Member QDSIGNON contains the sign-on screen source used when system value QPWDLVL is set to 0 or 1. Member QDSIGNON2 contains the sign-on screen source used when the system value QPWDLVL is set to 2 or 3. The file QSYS/QAWTSSRC is deleted and restored each time the operating system is installed. If you plan to create your own version of the sign-on screen, first copy the appropriate source file member (QDSIGNON or QDSIGNON2) to your own source file and make changes to the copy in your source file.

Additional information on changing the sign-on display file can be found in the Security Reference, Chapter 6.

Historical Number

30795328

Document Information

Modified date:
15 September 2020

UID

nas8N1016481