We're considering moving from password level 0 to password level 2 or
3 on v5r4...
I've read through the "Considerations for changing QPWDLVL..."
sections of the infocenter.
But I'd appreciate any feedback from those of you who have done this already.
One specific question I have, we have custom sign-on screens. I know
these need to change to support passwords greater than 10 chars, but
if we leave the QPWDMAXLEN at 10 initially, can we leave the signon
screens alone after changing QPWDLVL until we want to actually start
using long passwords? Our initial goal is simply to support
Lastly, the documentation for both level 2 and 3 say, "not use
password level 2 if your system communicates with other systems that
use password level 0 or 1 passwords or run on pre-V5R1 versions of the
operating system." All of our systems are at v5r4, so that's not an
issue. However, we've got 130+ systems :) At the very least, we'd
like to change our development system first, followed by our
QA/PRE-PROD systems, before we start on the 120+ production boxes....
Obviously, non-production boxes don't talk to production boxes very
often, but there is some communications. Such as our CMS (Aldon)
using SNADS to send deployments and many developers use TELNET or
STRPASTHR from development to a production box.
Is that going to continue to work with the boxes at different
QPWDLVLs? Or do I really need to change every box at once?
From what I can tell, having the boxes at different QPWDLVLs should be
ok as long as we don't start using long/mixed case passwords till all
boxes are changed...