Alex: I hope this helps. If QPWDLMTCHR is set to *NONE, it supports any character. Also, check the QPWDRULES sysval, where you can set a series of new rules as of V6.1 (I am attaching the help for this sysval):

Password rules

When QPWDRULES is set to *PWDSYSVAL, then QPWDRULES is ignored and the other password system values are used to check whether a password is formed correctly. Specifically, the QPWDLMTAJC, QPWDLMTCHR, QPWDLMTREP, QPWDMAXLEN, QPWDMINLEN, QPWDPOSDIF, and QPWDRQDDGT system values will be used instead of QPWDRULES.

Note: If any value other than *PWDSYSVAL is specified for QPWDRULES, the QPWDLMTAJC, QPWDLMTCHR, QPWDLMTREP, QPWDMAXLEN, QPWDMINLEN, QPWDPOSDIF, and QPWDRQDDGT system values are ignored when a new password is checked to see if it is formed correctly.

The following values of QPWDRULES provide the control of passwords as the values are defined.

*CHRLMTAJC - The password may not contain 2 or more occurrences of the same character that are positioned adjacent (consecutive) to each other. This value cannot be specified if the *CHRLMTREP value is also specified.

*CHRLMTREP - The password may not contain 2 or more occurrences of the same character. This value cannot be specified if the *CHRLMTAJC value is also specified.

*DGTLMTAJC - The password may not contain 2 or more adjacent (consecutive) digit characters.

*DGTLMTFST - The first character of the password may not be a digit character. This value cannot be specified if *LTRLMTFST and *SPCCHRLMTFST values are also specified.

*DGTLMTLST - The last character of the password may not be a digit character. This value cannot be specified if *LTRLMTLST and *SPCCHRLMTLST values are also specified.

*DGTMAXn - Where n is a number from 0 to 9. Specifies the maximum number only one *DGTMAXn value can be specified. If a *DGTMINn value is also specified, the n value specified for *DGTMAXn must be greater than or equal to the n value specified for *DGTMINn.

*DGTMINn - Where n is a number from 0 to 9. Specifies the minimum number of digit characters that must occur in the password. Only one *DGTMINn value can be specified. If a *DGTMAXn value is also specified, the n value specified for *DGTMAXn must be greater than or equal to the n value specified for *DGTMINn.

*LMTSAMPOS - The same character cannot be used in a position corresponding to the same position in the previous password.

*LMTPRFNAME - The uppercase password value may not contain the complete user profile name in consecutive positions.

*LTRLMTAJC - The password may not contain 2 or more adjacent (consecutive) letter characters.

*LTRLMTFST - The first character of the password may not be a letter character. This value cannot be specified if *DGTLMTFST and *SPCCHRLMTFST values are also specified. If the system is operating with a QPWDLVL value of 0 or 1, *LTRLMTFST and *SPCCHRLMTFST cannot both be specified.

*LTRLMTLST - The last character of the password may not be a letter character. This value cannot be specified if *DGTLMTLST and *SPCCHRLMTLST values are also specified.

*LTRMAXn - Where n is a number from 0 to 9. Specifies the maximum number of letter characters that may occur in the password. Only one *LTRMAXn value can be specified. If a *LTRMINn value is also specified, the n value specified for *LTRMAXn must be greater than or equal to the n value specified for *LTRMINn.

*LTRMINn - Where n is a number from 0 to 9. Specifies the minimum number of letter characters that must occur in the password. Only one *LTRMINn value can be specified. If a *LTRMAXn value is also specified, the n value specified for *LTRMAXn must be greater than or equal to the n value specified for *LTRMINn.

*MAXLENnnn - Where nnn is a number from 1 to 128 (without leading zeroes), the maximum number of characters in a password. If the system is operating at QPWDLVL 0 or 1, the valid range is 1-10. If the system is operating at QPWDLVL 2 or 3, the valid range is 1-128. The nnn value specified must be large enough to accommodate all *MIXCASEn, *DGTMAXn, *LTRMAXn, *SPCCHRMAXn, first and last character restrictions, and non-adjacent character requirements. If *MINLENnnn is also specified, the nnn value specified for *MAXLENnnn must be greater than or equal to the nnn value specified for *MINLENnnn. If no *MAXLENnnn value is specified, a value of *MAXLEN10 is assumed if the system is operating with a QPWDLVL value of 0 or 1 or a value of *MAXLEN128 is assumed if the system is operating with a QPWDLVL value of 2 or 3.

*MINLENnnn - Where nnn is a number from 1 to 128 (without leading zeroes). This is the minimum number of characters in a password. If the system is operating at QPWDLVL 0 or 1, the valid range is 1-10. If the system is operating at QPWDLVL 2 or 3, the valid range is 1-128. If *MAXLENnnn is also specified, the nnn value specified for *MAXLENnnn must be greater than or equal to the nnn value specified for *MINLENnnn. If no *MINLENnnn value is specified, a value of *MINLEN1 is assumed.

*MIXCASEn - Where n is a number from 0 to 9. The password must contain at least n uppercase and n lowercase letters. This value is rejected if the system is operating with a QPWDLVL value of 0 or 1 because passwords are required to be uppercase. Only one *MIXCASEn value can be specified. If a *LTRMAXn value is specified, the n value specified for *LTRMAXn must be greater than or equal to two times the n value specified for *MIXCASEn.

*REQANY3 - The password must contain characters from at least three of the following four types of characters.
  o Uppercase letters
  o Lowercase letters
  o Digits
  o Special characters
When the system is operating with a QPWDLVL of 0 or 1, *REQANY3 has the same effect as if *DGTMIN1, *LTRMIN1, and *SPCCHRMIN1 were all specified.

*SPCCHRLMTAJC - The password may not contain 2 or more adjacent (consecutive) special characters.

*SPCCHRLMTFST - The first character of the password may not be a special character. This value cannot be specified if *DGTLMTFST and *LTRLMTFST values are also specified. If the system is operating with a QPWDLVL value of 0 or 1, *LTRLMTFST and *SPCCHRLMTFST cannot both be specified.

*SPCCHRLMTLST - The last character of the password may not be a special character. This value cannot be specified if *DGTLMTLST and *LTRLMTLST values are also specified.

*SPCCHRMAXn - Where n is a number from 0 to 9. Specifies the maximum number of special characters that may occur in the password. Only one *SPCCHRMAXn value can be specified. If a *SPCCHRMINn value is also specified, the n value specified for *SPCCHRMAXn must be greater than or equal to the n value specified for *SPCCHRMINn.

*SPCCHRMINn - Where n is a number from 0 to 9. Specifies the minimum number of special characters that must occur in the password. Only one *SPCCHRMINn value can be specified. If a *SPCCHRMAXn value is also specified, the n value specified for *SPCCHRMAXn must be greater than or equal to the n value specified for *SPCCHRMINn.

Regards,
Ignacio

From: Forum.help400 <[email protected]> On behalf of Alex Martínez
Sent: Monday, April 19, 2021 5:45
To: forum.help400 <[email protected]>
Subject: [External] Re: iSeries password control - NIST
Importance: High

Hello,

If you need uppercase and lowercase letters in the password, you need to raise QPWDLVL to value 2, but this requires good planning because it has important considerations:
https://www.ibm.com/docs/en/i/7.4?topic=changes-considerations-changing-qpwdlvl-from-0-1-2

On Fri, Apr 16, 2021 at 12:27, Sergio Simón (<[email protected]>) wrote:

Hello, good morning:

I have been asked to apply the NIST standard for password control on iSeries. So far iSeries has adapted perfectly to what was requested using the QPWD* system values:

- Password expiration interval (QPWDEXPITV) set to 60 days.
- Passwords will have a minimum of 6 characters (QPWDMINLEN)
- Passwords will have a maximum of 64 characters (QPWDMAXLEN)
- Control of previously used passwords (QPDWRQDDIF)
- After 5 failed sign-on attempts, the user's account will be locked (QMAXSIGN).

And now comes the complicated part: they request that passwords have one uppercase letter, one lowercase letter, one number and special characters ($%&#). Investigating, I saw the system value 'QPWDVLDPGM Password validation program', which lets you specify a program that performs these checks. To my surprise, when I modified this system value and specified a program, developed in-house, that performs these functions, it told me that it could not be changed unless the 'QPWDLVL Password level' value was 0 or 1.

It turns out that if I set QPWDLVL to 0 or 1, it limits password length to 1 to 10 characters. So this configuration is no use to me, since it contradicts the value requested in QPWDMAXLEN, which must allow passwords of up to 64 characters.

Has anyone run into this problem or applied the NIST standard on their iSeries and can give me a hand?

Regards.

____________________________________________________
Join Recursos AS400, our Community ( http://bit.ly/db68dd )
Forum.Help400 © Publicaciones Help400, S.L.
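
Added example, not part of the thread or of IBM's documentation: a Python pre-check that tests a proposed QPWDRULES value list against a subset of the combination constraints in the help text quoted above (one value per family, MAX >= MIN, length ranges per QPWDLVL, *MIXCASEn at QPWDLVL 0/1, mutually exclusive values). The function name check_qpwdrules and the candidate list are assumptions made for illustration.

```python
import re

# Numeric rule families named in the QPWDRULES help text quoted in the thread.
NUMERIC = re.compile(
    r"\*(DGTMAX|DGTMIN|LTRMAX|LTRMIN|SPCCHRMAX|SPCCHRMIN|MIXCASE|MAXLEN|MINLEN)(\d+)$")

def check_qpwdrules(rules, qpwdlvl):
    """Return the conflicts found in a proposed QPWDRULES value list (hypothetical helper)."""
    problems, nums, flags = [], {}, set()
    for rule in rules:
        m = NUMERIC.match(rule)
        if not m:
            flags.add(rule)
        elif m.group(1) in nums:
            problems.append(f"only one *{m.group(1)} value can be specified")
        else:
            nums[m.group(1)] = int(m.group(2))
    low = qpwdlvl in (0, 1)
    limit = 10 if low else 128
    maxlen = nums.get("MAXLEN", limit)   # documented default: *MAXLEN10 / *MAXLEN128
    minlen = nums.get("MINLEN", 1)       # documented default: *MINLEN1
    for name, n in (("MAXLEN", maxlen), ("MINLEN", minlen)):
        if not 1 <= n <= limit:
            problems.append(f"*{name}{n} outside 1-{limit} at QPWDLVL {qpwdlvl}")
    if maxlen < minlen:
        problems.append("*MAXLEN must be >= *MINLEN")
    for fam in ("DGT", "LTR", "SPCCHR"):
        lo, hi = nums.get(fam + "MIN"), nums.get(fam + "MAX")
        if lo is not None and hi is not None and hi < lo:
            problems.append(f"*{fam}MAX must be >= *{fam}MIN")
    if "MIXCASE" in nums:
        if low:
            problems.append("*MIXCASE is rejected at QPWDLVL 0 or 1")
        if "LTRMAX" in nums and nums["LTRMAX"] < 2 * nums["MIXCASE"]:
            problems.append("*LTRMAX must be >= 2 x *MIXCASE")
    if {"*CHRLMTAJC", "*CHRLMTREP"} <= flags:
        problems.append("*CHRLMTAJC and *CHRLMTREP are mutually exclusive")
    for pos in ("FST", "LST"):
        if {f"*{fam}LMT{pos}" for fam in ("DGT", "LTR", "SPCCHR")} <= flags:
            problems.append(f"all three *...LMT{pos} values cannot be specified together")
    if low and {"*LTRLMTFST", "*SPCCHRLMTFST"} <= flags:
        problems.append("*LTRLMTFST with *SPCCHRLMTFST not allowed at QPWDLVL 0 or 1")
    return problems

# Constructed candidate for the request in the thread (6-64 characters, upper,
# lower, digit, special); it is not a value that anyone in the thread posted.
CANDIDATE = ["*MINLEN6", "*MAXLEN64", "*MIXCASE1", "*DGTMIN1", "*SPCCHRMIN1"]

if __name__ == "__main__":
    for level in (1, 2):
        print(level, check_qpwdrules(CANDIDATE, level))
```
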
