Is it "expired" or "disabled"?
Or, if you do DSPUSRPRF do you see (sample 1)

User profile . . . . . . . . . . . . . . . : ACCTG
Previous sign-on . . . . . . . . . . . . . : 08/09/08
Sign-on attempts not valid . . . . . . . . : 0
Status . . . . . . . . . . . . . . . . . . : *ENABLED
Date password last changed . . . . . . . . : 10/04/95
Password expiration interval . . . . . . . : *NOMAX
Set password to expired . . . . . . . . . : *NO

Or (2),
Sign-on attempts not valid . . . . . . . . : 4
Status . . . . . . . . . . . . . . . . . . : *DISABLED
Date password last changed . . . . . . . . : 10/04/95
Password expiration interval . . . . . . . : *NOMAX
Set password to expired . . . . . . . . . : *NO

Or (3),
Sign-on attempts not valid . . . . . . . . : 0
Status . . . . . . . . . . . . . . . . . . : *ENABLED
Date password last changed . . . . . . . . : 10/04/95
Password expiration interval . . . . . . . : *NOMAX
Set password to expired . . . . . . . . . : *YES

Or (4),
Sign-on attempts not valid . . . . . . . . : 0
Status . . . . . . . . . . . . . . . . . . : *ENABLED
Date password last changed . . . . . . . . : 10/04/95
Password expiration interval . . . . . . . : 90
Set password to expired . . . . . . . . . : *YES

1 = Generic user profile that works fine here.
2 = Someone who used the wrong password a number of times and activated
system values QMAXSIGN and QMAXSGNACN.
3 = Commonly done by CHGUSRPRF USRPRF(ACCTG) PASSWORD(ACCTG) PWDEXP(*YES)
to force a password change at next login. A technique so common that any
hacker tries a WRKOBJ QUSRSYS/*ALL *MSGQ and these default passwords.
4 = You only thought it was set to not expire. This says otherwise.

See audit journals.

Rob Berendt

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].