Yes, the iSeries has a lot of potential Trojan Horses.  However, after IBM 
has come up with all of the QPWD* system values, and if you still want to 
do your own verification, what else could they have done?

Rob Berendt
-- 
"They that can give up essential liberty to obtain a little temporary 
safety deserve neither liberty nor safety." 
Benjamin Franklin 




"Andy Nolen-Parkhouse" <aparkhouse@xxxxxxxxxxx> 
Sent by: midrange-l-bounces@xxxxxxxxxxxx
11/18/2003 11:42 AM
Please respond to
Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>


To
"'Midrange Systems Technical Discussion'" <midrange-l@xxxxxxxxxxxx>
cc

Subject
RE: iSeries passwords






Rob,

I agree that you're probably right.  But this exit program is a 
user-written
program which receives the old and new passwords as clear parameters and
could do what it wants with them, including writing them to a database.
While adding an exit point requires a little more sophistication to
implement than just changing a system value, it requires the same level of
authority (*ALLOBJ and *SECADM) as changing the QPWDVLDPGM system value.

What am I missing?

Andy


> I bet this:
> 
> The password validation exit program
> http://publib.boulder.ibm.com/iseries/v5r2/ic2924/info/apis/xsyvlphr.htm
> 
> Rob Berendt




_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing 
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.



This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2020 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].