TechTip: New in 6.

1, System Value QPWDRULES

Written by Steve Pitcher Friday, 23 July 2010 00:00 - Last Updated Friday, 23 July 2010 00:00

New password validation rules help you deploy a more effective password formation strategy. In V6R1, the QPWDRULES system value was created to give you more control of how a user profile password is constructed. In the prior release, a number of different system values offered this ability (e.g., QPWDMAXLEN controlled the maximum length of a password, QPWDRQDDGT enforced that there be a digit character, etc.). Having all password rules under the hood of one system value makes things a little tidier and simplifies management of password rules, but you can still use the old system values if you wish by specifying the *PWDSYSVAL parameter on the QPWDRULES system value. Listed below are the parameters offered with the new system value along with explanations of how they function. Some of these parameters have dependencies on others, but I won't go into those in detail here for the sake of simplicity. For example, if you specify *DGTLMTLST and *SPCCHRLMTLST (i.e., the last character of a password must not be a digit and must not be a special character, respectively), then you can't specify *LTRLMTLST (the last character must not be a letter character) because your only option for a last character at that point is a letter character. I've put these in the same order as they appear in the 6.1 Information Center so you can cross-reference and find more details with ease. This system value takes effect the next time a user changes his/her password. *PWDSYSVALThe QPWDRULES system value is ignored and the old system values are used to construct and enforce the password rules. *CHRLMTAJCTwo adjacent characters in the password are not the same. *CHRLMTREPThe password can't contain the same character twice or more. *DGTLMTAJCTwo adjacent digit characters are not the same. *DGTLMTFSTThe first character of a password is not a digit. *DGTLMTLSTThe last character of a password is not a digit.

1/3

TechTip: New in 6.1, System Value QPWDRULES

Written by Steve Pitcher Friday, 23 July 2010 00:00 - Last Updated Friday, 23 July 2010 00:00

*DGTMAXnThis sets the maximum amount of digits allowed in a password, where n is from 0 to 9. *DGTMINnThis sets the minimum number of digits allowed in a password, where n is from 0 to 9. *LMTSAMPOSThe new password must not contain the same character in the corresponding position of the new password. This corresponds to the old QPWDPOSDIF system value. *LMTPRFNAMEThe user name must not exist in the password (e.g., user profile bsmith and password bsmith999 is not allowed). *LTRLMTAJCConsecutive letter characters are not allowed. *LTRLMTFSTThe first character of a password must not be a letter. *LTRLMTLSTThe last character of a password must not be a letter. *LTRMAXnThe maximum number of letter characters in the password where n is from 0 to 9. *LTRMINnThis sets the minimum number of letter characters in the password, where n is from 0 to 9. *MAXLENnnnDepending on the QPWDLVL system value, this controls the maximum number of characters allowed in a password. If QPWDLVL is 0 or 1 ( stop reading this and investigate moving on up to QPWDLVL 2 or 3 ), then the maximum password length is 1 to 10 characters; otherwise, it's 1 to 128. This replaces the functionality of the old QPWDMAXLEN system value. *MINLENnnnThis controls the minimum number of characters allowed. If QPWDLVL is 0 or 1 ( can you see me shudder? ), then the maximum password length is 1 to 10 characters;

2/3

TechTip: New in 6.1, System Value QPWDRULES

Written by Steve Pitcher Friday, 23 July 2010 00:00 - Last Updated Friday, 23 July 2010 00:00

otherwise, it's 1 to 128. *MIXCASEnThis forces the password to contain n amount of uppercase and lowercase letters, where n is 0 to 9. If QPWDLVL is 0 or 1 ( once again, stop reading this and grab the security manual ), then this parameter is ignored. *REQANY3This checks that at least three of the following are contained in the password: *SPCCHRLMTAJCThis disallows adjacent consecutive special characters. *SPCCHRLMTFSTThis forces the first position of the password to not be a special character. *SPCCHRLMTLSTThis forces the last position of a password to not be a special character. *SPCCHRMAXnThis sets the maximum amount of special characters, where n is 0 to 9. *SPCCHRMINnThis sets the minimum amount of special characters, where n is 0 to 9. Uppercase letters Lowercase letters Digits Special characters

3/3