MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » October 2004

Re: Display User Password?



fixed

Chuck,

The most secure option would be QPWDLVL = 3 along with a QPWDMINLEN set high
enough to make any brute attack non-trivial.  Make the minimum too high, and
you're effectively requiring a passphrase which is a hassle for entry on
each telnet session.  A secure shell would make more sense in that kind of
environment, but that's another topic.

If you simply you perceive an exposure to a Win98(LanMan) attack, then
QPWDLVL = 1, might be sufficient.  But as others pointed out, the threat is
really from within your network.  Either a knowledgeable AS/400 person who
has the authority to get the stored password hashes or someone with a
network monitor.

Only you know what your security risks and requirements are.


Keith



----- Original Message ----- 
From: "Chuck Lewis" <clewis@xxxxxxxxxx>
To: "'Midrange Systems Technical Discussion'" <midrange-l@xxxxxxxxxxxx>
Sent: Thursday, September 30, 2004 2:26 PM
Subject: RE: Display User Password?


> Thanks Keith.
>
> I'm it here so I checked with me and all is well :-) If it is ONLY W98
then
> we should be OK.
>
> So what do you normally recommend that be set at ?
>
> Thanks,
>
> Chuck
>
> -----Original Message-----
> From: midrange-l-bounces@xxxxxxxxxxxx
> [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Keith Carpenter
> Sent: Thursday, September 30, 2004 2:44 PM
> To: Midrange Systems Technical Discussion
> Subject: Re: Display User Password?
>
> Checking with vendors for 128 byte password support is well advised.
Don't
> assume they do.  Maybe a software upgrade is necessary.
>
> As far as dropping Win98/lanman password support, you might check with
your
> windows network admin.  They should be able to tell you whether they have
to
> carry this legacy support.  As far as the AS400 is concerned, it's the
Win98
> PCs using windows netserver (IFS file server).  CA, telnet/ftp, etc. would
> not use this authentication.
>
>
> Keith
>
>
>
>
>
> --
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>
>






Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact