|
I spoke too soon. This worked ok for changing to *NONE, but not from
*NONE.
CHGUSRPRF USRPRF(DUMMY) PASSWORD(SMITH)
CHGUSRPRF USRPRF(DUMMY) PASSWORD(JONES)
CHGUSRPRF USRPRF(DUMMY) PASSWORD(*NONE)
CHGUSRPRF USRPRF(DUMMY) PASSWORD(INNAGODDADAVIDABABY)
CHGY
CHGY
CHGYY
CHGY
If you imaging that many moons have passed in between the last two entries
it gets hard to tie back.
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Rob
Berendt
Sent: Wednesday, July 24, 2019 7:57 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: Auditing user profile changes: Noting when a password is
changed from *NONE to something else.
Ok, I think I have one more figured out.
Notice column 642-643?
....+....2....+....3....+....4...
DUMMY QSYS *USRPRF CHGYY
DUMMY QSYS *USRPRF CHG Y
642=Was the password changed?
643=Is the password *NONE?
This corresponds to two consecutive
CHGUSRPRF USRPRF(DUMMY) PASSWORD(*NONE)
In the first one the password was changed from whatever it was to *NONE.
In the second one the audit journal determined that the password was
already at *NONE and did not flag the password as being changed. Having
them consecutive, and consecutive in the documentation, helped it click
with me.
Now I just have to determine if the limit capabilities was changed from
*YES with CHGUSRPRF USRPRF(DUMMY) LMTCPB(*NO) CHGUSRPRF USRPRF(DUMMY)
LMTCPB(*NO)
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail
to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Rob
Berendt
Sent: Wednesday, July 24, 2019 7:36 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: Auditing user profile changes: Noting when a password is
changed from *NONE to something else.
Yes, when I use the technique outlined the following I am using the audit
journal. However LMTCPB changed and password changed from *NONE cannot be
determined (to the best of my knowledge).
Home > IBM i 7.4 > Security > Security reference > Layout of audit journal
entries > CP (User Profile Changes) journal entries
https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_74/rzarl/rzarlf12.htm
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail
to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Jim
Oberholtzer
Sent: Tuesday, July 23, 2019 4:34 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: Auditing user profile changes: Noting when a password is
changed from *NONE to something else.
CAUTION: This email originated from outside of the organization. Do not
click links or open attachments unless you recognize the sender and know
the content is safe.
Would that not be a function of the audit journal?
On Tue, Jul 23, 2019 at 3:02 PM Rob Berendt <rob@xxxxxxxxx> wrote:
I am auditing changes to user profiles.https://www.google.com/maps/search/2505+Dekko+Drive?entry=gmail&source=g>
I want to audit:
- When *ALLOBJ is added
- When *SECADM is added
- When Limited Capabilities is changed from *YES.
- When password is changed from *NONE.
I am trying to use
https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_74/rzarl/rzarlf1
2.htm Unlike file changes you don't see before/after shots. That, and
they probably don't want to log passwords where it can be found so
easily.
From the doc I see these columns:
- Current *ALLOBJ special authority
- Current *SECADM special authority
- Previous *ALLOBJ special authority
- Previous *SECADM special authority
However these only show the current value:
- The value of limited capabilities parameter.
- Password is *NONE.
So how do I determine if the password was changed from *NONE? Or if
the limited capabilities was changed from *YES?
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600
Mail to: 2505 Dekko Drive
<
Garrett, IN 46738--
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
