× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  • Subject: Re: AS400 user password (fwd)
  • From: "William Washington III" <w.washington@xxxxxxxx>
  • Date: Fri, 9 Jun 2000 19:16:26 -0500

So it sounds like a solution to this is:

1.  Secure the password validation programs (QPWDVLDPGM and others??) just
as one would secure the ???USRPRF commands.
2.  Run the AS/400 at SECLVL(50).
3.  Do not let folks load programs onto the system that can override #1.
4.  Encourage longer user ids and passwords.

Since I'm not a network guy, I don't know about the sniffer
hardware/software stuff.  But it seems to me that if external connections
are through a virtual private network (VPN), that'll keep the bad guy's nose
clean...

Since passwords must be stored somewhere on the system, we just have to take
precautions to protect the file from the AS/400 system programs that can
decrypt it.  I'm sure the infamous 17-line RPG IV program is a call to one
of the service routines.  (But I haven't seen it... I could be wrong!)

This has been a most useful and eye-opening thread... Have a safe weekend.

William


----- Original Message -----
From: "Salter, James" <JSalter@acipco.com>
To: <MIDRANGE-L@midrange.com>
Sent: Friday, June 09, 2000 7:17 AM
Subject: RE: AS400 user password (fwd)


> There is a TAATOOL that will allow you to display the password.
>
> If I recall you need to change the password validation program and
> then you can track all changes that occur.
>
> If you do a CHGUSRPRF command to change the password, it is not tracked.
>
> DSPPWD will display those passwords that have been changed through normal
> processes.
>
>
> -----Original Message-----
> From: 163.net [mailto:jshen69@163.net]
> Sent: Friday, June 09, 2000 3:31 AM
> To: MIDRANGE-L@midrange.com
> Subject: Re: AS400 user password (fwd)
>
>
> I know if you use your user. I can get the password. No problem.
>
> John
>
>
> ----- Original Message -----
> From: Raikov, Lo <RaikovL@mki.com.au>
> To: <MIDRANGE-L@midrange.com>
> Sent: Friday, June 09, 2000 12:06 PM
> Subject: RE: AS400 user password (fwd)
>
>
> > I did not expect to see any disagreement on this one. As far as I know,
> > passwords are stored inside the MI, and there is no MI command or system
> API
> > that would allow existing passwords to be extracted. In fact, in the
early
> > days of the AS/400 IBM was very proud of this feature, saying that for
> this
> > reason alone AS/400 was more secure than any of the UNIX platforms. If,
> > however, you know how to look up the existing password, could you share
> the
> > know-how please?
> >
> > Lo
> >
> > > -----Original Message-----
> > > From: Steve Glanstein [SMTP:mic@aloha.com]
> > > Sent: Friday, June 09, 2000 12:38 PM
> > > To: mr; echu@navg.com
> > > Subject: RE: AS400 user password (fwd)
> > >
> > > Yes.
> > >
> > > Steve Glanstein
> > > mic@aloha.com
> > >
> > >
> > > >
> > > > Is it possible to look up an AS400 user's password within the
> > > > system?  Any input on this will be appreciated.  Thank you.
> > > >
> > > > Eunice Chu
> > > > echu@navg.com
> > > >
> > > >
> > > +---
> > > | This is the Midrange System Mailing List!
> > > | To submit a new message, send your mail to MIDRANGE-L@midrange.com.
> > > | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
> > > | To unsubscribe from this list send email to
> > > MIDRANGE-L-UNSUB@midrange.com.
> > > | Questions should be directed to the list owner/operator:
> > > david@midrange.com
> > > +---
> > +---
> > | This is the Midrange System Mailing List!
> > | To submit a new message, send your mail to MIDRANGE-L@midrange.com.
> > | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
> > | To unsubscribe from this list send email to
> MIDRANGE-L-UNSUB@midrange.com.
> > | Questions should be directed to the list owner/operator:
david@midrange.
> com
> > +---
> +---
> | This is the Midrange System Mailing List!
> | To submit a new message, send your mail to MIDRANGE-L@midrange.com.
> | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
> | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.co
m.
> | Questions should be directed to the list owner/operator:
> david@midrange.com
> +---
> +---
> | This is the Midrange System Mailing List!
> | To submit a new message, send your mail to MIDRANGE-L@midrange.com.
> | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
> | To unsubscribe from this list send email to
MIDRANGE-L-UNSUB@midrange.com.
> | Questions should be directed to the list owner/operator:
david@midrange.com
> +---
>

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.