Use CHGCMDDFT and change the password default to *NONE.
It took a while, but I finally got management to make the standard that
a profile is always created with *NONE as the password. When the user is
ready to sign on for the first time, they are to call the helpdesk, at
which time, a one-time password is given, with the requirement that it
be changed when they sign on.
Before that, since everyone knew that a new profile had the profile name
as password, it was a HUGE security hole. Don't know if anyone crawled
through it or not, but they can't now.
OTOH, there have been a few times when there ended up being a
default password, but I have a set of programs from SkyView Partners
that runs every morning, and that's one of the things I am informed of.
It's changed as soon as I see it in the morning.
Dave
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of rob@xxxxxxxxx
Sent: Thursday, November 09, 2006 10:24 AM
To: Midrange Systems Technical Discussion
Subject: RE: iSeries Security in Computerworld
Same as everyone else out there, look at the default for password on
CRTUSRPRF. We get some who say "we gotta have a signon for ...". Then
they never actually sign on and change their password.
Rob Berendt
--
Group Dekko Services, LLC
Dept 01.073
PO Box 2000
Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
"Joe Pluta" <joepluta@xxxxxxxxxxxxxxxxx>
Sent by: midrange-l-bounces+rob=dekko.com@xxxxxxxxxxxx
11/09/2006 10:05 AM
Please respond to: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
To: "'Midrange Systems Technical Discussion'" <midrange-l@xxxxxxxxxxxx>
Subject: RE: iSeries Security in Computerworld
Rob, I don't count your shop as "typical" :). For example, how in the
world did you manage to create 111 enabled default password accounts?
Seems like you have a SERIOUS issue.
Joe
From: rob@xxxxxxxxx
Joe,
Do we count as a client, I seem to recall writing a check...
ANZDFTPWD
CPC2232 - 119 user profiles have default passwords of which 111 have
the status of *ENABLED.
Total number of user profiles = 796. Seems to be greater than 1 out of
8.
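
The practice described at the top of this thread (no password at creation, a one-time password from the helpdesk, and a recurring check for default passwords), written out as CL commands. This is an added example, not code posted by anyone in the thread; the profile name NEWUSER and the password value TEMP1PWD are constructed placeholders.

```cl
/* Added example, not from the thread.                              */
/* NEWUSER and TEMP1PWD are constructed placeholders.               */

/* 1. One time, by a security officer: new profiles get no password */
/*    unless one is given explicitly. The shipped default for       */
/*    PASSWORD on CRTUSRPRF is *USRPRF (password = profile name).   */
CHGCMDDFT  CMD(CRTUSRPRF) NEWDFT('PASSWORD(*NONE)')

/* 2. Creating a profile: with PASSWORD(*NONE) the profile exists   */
/*    but nobody can sign on with it yet.                           */
CRTUSRPRF  USRPRF(NEWUSER) PASSWORD(*NONE) +
             TEXT('New user, no sign-on until helpdesk call')

/* 3. When the user calls the helpdesk for the first sign-on:       */
/*    set a one-time password and force a change at sign-on.        */
CHGUSRPRF  USRPRF(NEWUSER) PASSWORD(TEMP1PWD) PWDEXP(*YES)

/* 4. Recurring check: report profiles whose password equals the    */
/*    profile name (message CPC2232 gives the counts).              */
ANZDFTPWD  ACTION(*NONE)

/*    Same check, but also disable the profiles that are found and  */
/*    set their passwords to expired.                               */
ANZDFTPWD  ACTION(*DISABLE *PWDEXP)
```

A default changed with CHGCMDDFT on an IBM-supplied command can be lost when a new release is installed, so the recurring ANZDFTPWD check is what catches a default that has quietly reverted.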