Ignacio, everything that can be done with QPWDRULES is very good, but you cannot use *MIXCASEn with QPWDLVL set to 0 or 1.
*Where n is a number from 0 to 9. The password must contain at least n uppercase letters and n lowercase letters. This value is rejected if the system is operating with a QPWDLVL value of 0 or 1 because passwords are required to be uppercase.*

On Mon, 19 Apr 2021 at 14:47, Téllez Alvarado, Ignacio (<[email protected]>) wrote:

> Alex:
>
> I hope this helps you,
>
> if QPWDLMTCHR is set to *NONE, it supports any character.
>
> Also, check the QPWDRULES sysval, where you can set a series of new rules since V6.1 (I attach the help for this sysval):
>
> Password rules
>
> When QPWDRULES is set to *PWDSYSVAL, then QPWDRULES is ignored and the other password system values are used to check whether a password is formed correctly. Specifically, the QPWDLMTAJC, QPWDLMTCHR, QPWDLMTREP, QPWDMAXLEN, QPWDMINLEN, QPWDPOSDIF, and QPWDRQDDGT system values will be used instead of QPWDRULES.
>
> Note: If any value other than *PWDSYSVAL is specified for QPWDRULES, the QPWDLMTAJC, QPWDLMTCHR, QPWDLMTREP, QPWDMAXLEN, QPWDMINLEN, QPWDPOSDIF, and QPWDRQDDGT system values are ignored when a new password is checked to see if it is formed correctly.
>
> The following values of QPWDRULES provide the control of passwords as the values are defined.
>
> *CHRLMTAJC - The password may not contain 2 or more occurrences of the same character that are positioned adjacent (consecutive) to each other. This value cannot be specified if the *CHRLMTREP value is also specified.
>
> *CHRLMTREP - The password may not contain 2 or more occurrences of the same character. This value cannot be specified if the *CHRLMTAJC value is also specified.
>
> *DGTLMTAJC - The password may not contain 2 or more adjacent (consecutive) digit characters.
>
> *DGTLMTFST - The first character of the password may not be a digit character.
> This value cannot be specified if *LTRLMTFST and *SPCCHRLMTFST values are also specified.
>
> *DGTLMTLST - The last character of the password may not be a digit character. This value cannot be specified if *LTRLMTLST and *SPCCHRLMTLST values are also specified.
>
> *DGTMAXn - Where n is a number from 0 to 9. Specifies the maximum number only one *DGTMAXn value can be specified. If a *DGTMINn value is also specified, the n value specified for *DGTMAXn must be greater than or equal to the n value specified for *DGTMINn.
>
> *DGTMINn - Where n is a number from 0 to 9. Specifies the minimum number of digit characters that must occur in the password. Only one *DGTMINn value can be specified. If a *DGTMAXn value is also specified, the n value specified for *DGTMAXn must be greater than or equal to the n value specified for *DGTMINn.
>
> *LMTSAMPOS - The same character cannot be used in a position corresponding to the same position in the previous password.
>
> *LMTPRFNAME - The uppercase password value may not contain the complete user profile name in consecutive positions.
>
> *LTRLMTAJC - The password may not contain 2 or more adjacent (consecutive) letter characters.
>
> *LTRLMTFST - The first character of the password may not be a letter character. This value cannot be specified if *DGTLMTFST and *SPCCHRLMTFST values are also specified. If the system is operating with a QPWDLVL value of 0 or 1, *LTRLMTFST and *SPCCHRLMTFST cannot both be specified.
>
> *LTRLMTLST - The last character of the password may not be a letter character. This value cannot be specified if *DGTLMTLST and *SPCCHRLMTLST values are also specified.
>
> *LTRMAXn - Where n is a number from 0 to 9. Specifies the maximum number of letter characters that may occur in the password. Only one *LTRMAXn value can be specified. If a *LTRMINn value is also specified, the n value specified for *LTRMAXn must be greater than or equal to the n value specified for *LTRMINn.
>
> *LTRMINn - Where n is a number from 0 to 9. Specifies the minimum number of letter characters that must occur in the password. Only one *LTRMINn value can be specified. If a *LTRMAXn value is also specified, the n value specified for *LTRMAXn must be greater than or equal to the n value specified for *LTRMINn.
>
> *MAXLENnnn - Where nnn is a number from 1 to 128 (without leading zeroes), the maximum number of characters in a password. If the system is operating at QPWDLVL 0 or 1, the valid range is 1-10. If the system is operating at QPWDLVL 2 or 3, the valid range is 1-128. The nnn value specified must be large enough to accommodate all *MIXCASEn, *DGTMAXn, *LTRMAXn, *SPCCHRMAXn, first and last character restrictions, and non-adjacent character requirements. If *MINLENnnn is also specified, the nnn value specified for *MAXLENnnn must be greater than or equal to the nnn value specified for *MINLENnnn. If no *MAXLENnnn value is specified, a value of *MAXLEN10 is assumed if the system is operating with a QPWDLVL value of 0 or 1 or a value of *MAXLEN128 is assumed if the system is operating with a QPWDLVL value of 2 or 3.
>
> *MINLENnnn - Where nnn is a number from 1 to 128 (without leading zeroes). This is the minimum number of characters in a password. If the system is operating at QPWDLVL 0 or 1, the valid range is 1-10. If the system is operating at QPWDLVL 2 or 3, the valid range is 1-128. If *MAXLENnnn is also specified, the nnn value specified for *MAXLENnnn must be greater than or equal to the nnn value specified for *MINLENnnn. If no *MINLENnnn value is specified, a value of *MINLEN1 is assumed.
>
> *MIXCASEn - Where n is a number from 0 to 9. The password must contain at least n uppercase and n lowercase letters. This value is rejected if the system is operating with a QPWDLVL value of 0 or 1 because passwords are required to be uppercase. Only one *MIXCASEn value can be specified.
> If a *LTRMAXn value is specified, the n value specified for *LTRMAXn must be greater than or equal to two times the n value specified for *MIXCASEn.
>
> *REQANY3 - The password must contain characters from at least three of the following four types of characters.
>
> o Uppercase letters
>
> o Lowercase letters
>
> o Digits
>
> o Special characters
>
> When the system is operating with a QPWDLVL of 0 or 1, *REQANY3 has the same effect as if *DGTMIN1, *LTRMIN1, and *SPCCHRMIN1 were all specified.
>
> *SPCCHRLMTAJC - The password may not contain 2 or more adjacent (consecutive) special characters.
>
> *SPCCHRLMTFST - The first character of the password may not be a special character. This value cannot be specified if *DGTLMTFST and *LTRLMTFST values are also specified. If the system is operating with a QPWDLVL value of 0 or 1, *LTRLMTFST and *SPCCHRLMTFST cannot both be specified.
>
> *SPCCHRLMTLST - The last character of the password may not be a special character. This value cannot be specified if *DGTLMTLST and *LTRLMTLST values are also specified.
>
> *SPCCHRMAXn - Where n is a number from 0 to 9. Specifies the maximum number of special characters that may occur in the password. Only one *SPCCHRMAXn value can be specified. If a *SPCCHRMINn value is also specified, the n value specified for *SPCCHRMAXn must be greater than or equal to the n value specified for *SPCCHRMINn.
>
> *SPCCHRMINn - Where n is a number from 0 to 9. Specifies the minimum number of special characters that must occur in the password. Only one *SPCCHRMINn value can be specified. If a *SPCCHRMAXn value is also specified, the n value specified for *SPCCHRMAXn must be greater than or equal to the n value specified for *SPCCHRMINn.
>
> Sincerely,
>
> Ignacio
>
> *From:* Forum.help400 <[email protected]> *On behalf of* Alex Martínez
> *Sent:* Monday, 19 April 2021 5:45
> *To:* forum.help400 <[email protected]>
> *Subject:* [External] Re: iSeries password control - NIST
> *Importance:* High
>
> Hello
>
> If you need uppercase and lowercase letters in the password, you need to raise QPWDLVL to value 2, but this requires good planning because it has important considerations
>
> https://www.ibm.com/docs/en/i/7.4?topic=changes-considerations-changing-qpwdlvl-from-0-1-2
>
> On Fri, 16 Apr 2021 at 12:27, Sergio Simón (<[email protected]>) wrote:
>
> Hello, good morning:
>
> I have been asked to apply the NIST standard for password control on iSeries.
>
> So far iSeries has adapted perfectly to what was requested, using the QPWD* system values:
>
> - Password expiration interval (QPWDEXPITV) set to 60 days.
> - Passwords will have at least 6 characters (QPWDMINLEN)
> - Passwords will have at most 64 characters (QPWDMAXLEN)
> - Control of previously used passwords (QPWDRQDDIF)
> - After 5 failed sign-on attempts, the user's account will be locked (QMAXSIGN).
>
> And now comes the complicated part: they ask that passwords contain an uppercase letter, a lowercase letter, a number and special characters ($%&#).
>
> While investigating, I saw the system value 'QPWDVLDPGM Password validation program', which allows specifying a program that performs these checks. To my surprise, when I changed this system value and specified a program, developed in-house, that performs these functions, it told me that it could not be changed unless the 'QPWDLVL Password level' value was 0 or 1.
>
> It turns out that if I set QPWDLVL to 0 or 1, it limits password length to 1 to 10 characters.
> So this configuration is of no use to me, since it contradicts the value requested for QPWDMAXLEN, which must allow passwords of up to 64 characters.
>
> Has anyone run into this problem or applied the NIST standard on their iSeries and can give me a hand?
>
> Regards.
>
> ____________________________________________________
> Join Recursos AS400, our Community ( http://bit.ly/db68dd )
> Forum.Help400 © Publicaciones Help400, S.L.
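
The interdependencies in the QPWDRULES help text quoted above can be checked before a value list is applied. The following is an added example, not part of the thread or of IBM's documentation: a small Python check of a proposed rule list against a given QPWDLVL, using only the constraints stated in that help text. The function name `check_qpwdrules` is hypothetical, and the sample list `WANTED` is constructed from the requirements in the original question.

```python
import re

# Numbered QPWDRULES values named in the help text quoted in this thread.
NUMBERED = re.compile(
    r"^\*(MAXLEN|MINLEN|DGTMAX|DGTMIN|LTRMAX|LTRMIN|SPCCHRMAX|SPCCHRMIN|MIXCASE)(\d+)$")

def check_qpwdrules(rules, qpwdlvl):
    """Hypothetical helper: list the conflicts in a proposed QPWDRULES value."""
    errors, nums, flags = [], {}, set()
    for rule in rules:
        m = NUMBERED.match(rule)
        if not m:
            flags.add(rule)
        elif m.group(1) in nums:
            errors.append(f"only one *{m.group(1)} value can be specified")
        else:
            nums[m.group(1)] = int(m.group(2))
    low_level = qpwdlvl in (0, 1)
    limit = 10 if low_level else 128        # valid length range is 1-10 or 1-128
    max_len = nums.get("MAXLEN", limit)     # default *MAXLEN10 or *MAXLEN128
    min_len = nums.get("MINLEN", 1)         # default *MINLEN1
    for name, value in (("MAXLEN", max_len), ("MINLEN", min_len)):
        if not 1 <= value <= limit:
            errors.append(f"*{name}{value} is outside 1-{limit} at QPWDLVL {qpwdlvl}")
    if max_len < min_len:
        errors.append("*MAXLEN must be greater than or equal to *MINLEN")
    for kind in ("DGT", "LTR", "SPCCHR"):
        # n runs from 0 to 9, so 9 and 0 stand in for an unspecified max or min
        if nums.get(kind + "MAX", 9) < nums.get(kind + "MIN", 0):
            errors.append(f"*{kind}MAX must be greater than or equal to *{kind}MIN")
    if "MIXCASE" in nums:
        if low_level:
            errors.append("*MIXCASEn is rejected at QPWDLVL 0 or 1")
        if "LTRMAX" in nums and nums["LTRMAX"] < 2 * nums["MIXCASE"]:
            errors.append("*LTRMAX must be at least two times *MIXCASE")
    if {"*CHRLMTAJC", "*CHRLMTREP"} <= flags:
        errors.append("*CHRLMTAJC and *CHRLMTREP cannot both be specified")
    for pos in ("FST", "LST"):
        if {f"*DGTLMT{pos}", f"*LTRLMT{pos}", f"*SPCCHRLMT{pos}"} <= flags:
            errors.append(f"*DGTLMT{pos}, *LTRLMT{pos} and *SPCCHRLMT{pos} cannot all be specified")
    if low_level and {"*LTRLMTFST", "*SPCCHRLMTFST"} <= flags:
        errors.append("*LTRLMTFST and *SPCCHRLMTFST cannot both be specified at QPWDLVL 0 or 1")
    return errors

# Constructed sample: the rule list the original question asks for.
WANTED = ["*MINLEN6", "*MAXLEN64", "*MIXCASE1", "*DGTMIN1", "*SPCCHRMIN1"]

if __name__ == "__main__":
    for level in (0, 2):
        print(f"QPWDLVL {level}:", check_qpwdrules(WANTED, level) or "no conflicts")
```

The check does not validate that n stays within 0 to 9 or that nnn has no leading zeroes; it covers only the cross-value conflicts.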
