Re: Locking out USRPRF with *ALLOBJ -- MIDRANGE-L

× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.

> "Martin Rowe" wrote:
> Subject: Re: Locking out USRPRF with *ALLOBJ
> Mind you, an *ALLOBJ user can reset the QSECOFR SST profile
> password to the default, but at least you'd know then that it had been
bypassed.

Martin -
I'm on V5R1, and having had to reset my QSECOFR SST profile
several times now, I'll have to disagree with this statement.

I just signed on to my system with a test userid that was copied from
QSECOFR, tried the command CHGDSTPWD PASSWORD(*DEFAULT),
and got this message:

                           Additional Message Information

  Message ID . . . . . . :     CPF2275         Severity . . . . . . . :
40
  Message type . . . . . :     Diagnostic
  Date sent  . . . . . . :   06/22/04      Time sent  . . . . . . :
14:40:18

  Message . . . . :   Not authorized to change DST password for IBM supplied
    security capability profile.
  Cause . . . . . :   Only a user signed on as user profile QSECOFR can
change
    the DST password for the IBM supplied security capability profile.
  Recovery  . . . :   Have the security officer sign on with the user
profile
    QSECOFR and change the IBM supplied security capability profile
password.


Steve Landess
Austin, Texas
(512) 423-0935

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.