The most secure option would be QPWDLVL = 3 along with a QPWDMINLEN set high
enough to make any brute attack non-trivial.  Make the minimum too high, and
you're effectively requiring a passphrase which is a hassle for entry on
each telnet session.  A secure shell would make more sense in that kind of
environment, but that's another topic.

If you simply you perceive an exposure to a Win98(LanMan) attack, then
QPWDLVL = 1, might be sufficient.  But as others pointed out, the threat is
really from within your network.  Either a knowledgeable AS/400 person who
has the authority to get the stored password hashes or someone with a
network monitor.

Only you know what your security risks and requirements are.


----- Original Message ----- 
From: "Chuck Lewis" <clewis@xxxxxxxxxx>
To: "'Midrange Systems Technical Discussion'" <midrange-l@xxxxxxxxxxxx>
Sent: Thursday, September 30, 2004 2:26 PM
Subject: RE: Display User Password?

> Thanks Keith.
> I'm it here so I checked with me and all is well :-) If it is ONLY W98
> we should be OK.
> So what do you normally recommend that be set at ?
> Thanks,
> Chuck
> -----Original Message-----
> From: midrange-l-bounces@xxxxxxxxxxxx
> [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Keith Carpenter
> Sent: Thursday, September 30, 2004 2:44 PM
> To: Midrange Systems Technical Discussion
> Subject: Re: Display User Password?
> Checking with vendors for 128 byte password support is well advised.
> assume they do.  Maybe a software upgrade is necessary.
> As far as dropping Win98/lanman password support, you might check with
> windows network admin.  They should be able to tell you whether they have
> carry this legacy support.  As far as the AS400 is concerned, it's the
> PCs using windows netserver (IFS file server).  CA, telnet/ftp, etc. would
> not use this authentication.
> Keith
> --
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit:
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at

This thread ...

Return to Archive home page | Return to MIDRANGE.COM home page