× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. October 2019

RE: disable all Q* ibm supplied profiles and chaning default passwords

I think this thread has pointed out some of the misconceptions that surround
ibm i security.
One point that I've not seen yet - there is a difference between
a. disabling a profile
or
b. changing a default password to *NONE (to never be used to sign on)
Carol Woodbury's books recommended QPGMR, QSRV, QSRVBAS, QSYSOPR, QUSER all
to set to *NONE
The profile can be used by parts of the OS, but not to log in.
New releases come this way, but if you are carrying 30 years of baggage,
restoring to new hardware, it takes some cleanup.

Jim Franz


-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxxxxxxxx] On Behalf Of
Justin Taylor
Sent: Wednesday, October 09, 2019 10:38 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: disable all Q* ibm supplied profiles and chaning default
passwords

"IBM does not deliver the system to run with QSECOFR for anything."
IBM link please.

There are many, many OS functions and not all of them are commonly used.
For example, IBM dropped support for MGTC File Monitors, which we used.
When I contacted IBM about that, they were shocked and told me they believed
no one was using them.



-----Original Message-----
From: DrFranken [mailto:midrange@xxxxxxxxxxxx]
Sent: Wednesday, October 09, 2019 8:37 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: disable all Q* ibm supplied profiles and chaning default
passwords

If OS functions are failing with QSECOFR disabled you have changed defaults
in a bad way. IBM does not deliver the system to run with QSECOFR for
anything.

MANY of my customers run with QSECOFR disabled 24x7. Its use is heavily
restricted and of course always remember if needed you CAN still sign on
with a disabled QSECOFR at the defined system console device.

Certainly the vast majority of IBM Profiles can have no password and / or
can be disabled but simply doing all of them will likely cause some issues.
Testing is required!!


- Larry "DrFranken" Bolhuis

www.Frankeni.com
www.iDevCloud.com - Personal Development IBM i timeshare service.
www.iInTheCloud.com - Commercial IBM i Cloud Hosting.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link:
https://amazon.midrange.com


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.