RE: PWDLVL 2 to 3 question

I queried one of the systems.

Pwd 0-1 pwd 2-3 count
NO NO 1
NO YES 2
YES YES 360

The only NO/NO is QS2USRPF.

The two that are NO/YES I know have been changed since the switch to PWDLVL 2.

When they switch to PWDLVL 3, based on your response, if there is a YES in the second column, they will still have a password. The other question is what will the password be? If it was created under PWDLVL 0, would the password under PWDLVL 3 be pass123 or PASS123?


-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Rob Berendt
Sent: Tuesday, March 11, 2025 5:54 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: PWDLVL 2 to 3 question

"At QPWDLVL 3, all password level 0 and 1 passwords are cleared. The administrator can use the DSPAUTUSR command, the PRTUSRPRF TYPE(*PWDLVL) command, or the QSYS2.USER_INFO view to locate user profiles which don't have password level 2 or 3 passwords associated with them."
https://www.ibm.com/docs/en/i/7.5?topic=changes-considerations-changing-qpwdlvl-from-2-3

Nobody goes back (alive) so I wouldn't worry about losing level 0 or 1 passwords. Therefore when it clears the level 0 or 1 passwords you still have level 2 or 3 passwords. (Check QSYS2.USER_INFO) Level 2 was a total waste of time and forced us to use additional downtime to do another IPL to get to 3. If anyone is thinking of making the move then just go to 3. The only exception might be compatibility with really old unsupported versions of Windows. I mean really old. OTOH, if you're looking for the final excuse to kill them off...




On Tue, Mar 11, 2025 at 2:57 PM <smith5646midrange@xxxxxxxxx> wrote:

My client recently moved from PWDLVL 0 to 2. They are planning on
changing to 3 soon. Since the move from 0 to 2 is rather recent, not
all level 0 passwords will have been changed (90 day rotation to force a change).

I read the below paragraph in the IBM documentation for level 3. Does
this mean that their level 0 password is going to be wiped out and
they will no longer be able to sign on until we change their password?
I'm hoping someone can translate this for me.

Thanks.
******
All user profile passwords that are used at QPWDLVL 0 and 1 are
removed from the system when QPWDLVL is 3. Changing from QPWDLVL 3
back to QPWDLVL 0 or
1
requires a change to QPWDLVL 2 before going to 0 or 1. QPWDLVL 2
allows for the creation of user profile passwords that can be used at
QPWDLVL 0 or 1 as long as the length and syntax requirements for the
password meet the QPWDLVL
0 or 1 rules.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related questions.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.