Here's a fun one for you.
Run DMPUSRPRF against someone.
Look at the resulting spool file.
Search for 'previous passwords'.
If you notice that every other one is the same then the odds are likely that the person changes their password temporarily then quickly changes it back to the one they like.
Some try to thwart this by using special values to control password changes. However if the user has a higher level of authority then rules do not apply to them as CHGUSRPRF doesn't care about those system values. (Unlike CHGPWD)
They do, however, have to change it to something different then change it back because CHGUSRPRF PASSWORD(...) and leaving the password the same does NOT reset the password expiration date. IBM figured that out. No, I do not mean PASSWORD(*SAME). I mean that if your password is Dogcatcher1 that if run CHGUSRPRF PASSWORD(Dogcatcher1) it will not reset your password expiration date.
We are using IBM Security Identity Manager to propagate passwords to all systems. (no we are not using EIM/SSO). When you change your password on Windows it changes it on IBMi by using CHGUSRPRF. Sure you can set up Windows policies, etc which will follow similar rules to IBMi. However Windows admin's feel that rules do not apply to them and they simply go into Active Directory and change their password with administrator functions.
We had one who always changed his directly to the same. Wondered why it was still expiring on IBMi. (because CHGUSRPRF PASSWORD(...) without a really different password doesn't reset the expiration date). His consultant duties no longer require him to have access to IBMi. Strictly coincidental, not as a security concern or a disciplinary measure.
Note: how do you decrypt the data in previous passwords? Is there something like Retrieve Encrypted User Password (QSYRUPWD) to do this?
IBM Certified System Administrator - IBM i 6.1
Mail to: 7310 Innovation Blvd, Suite 104
Ft. Wayne, IN 46818
Ship to: 7310 Innovation Blvd, Dock 9C
Ft. Wayne, IN 46818
As an Amazon Associate we earn from qualifying purchases.