×

Good News Everybody!

The new search engine is LIVE!

Please report any problems to david (at) midrange.com.



  1.  Home
  2. SECURITY400
  3. April 2008

Re: New Password rules at VRM610

Well, look who's back in the land of the living in the world of Midrange!

Hello Leif...welcome back... :)

Don in DC

=============================================

-----Original Message-----
From: security400-bounces@xxxxxxxxxxxx
[mailto:security400-bounces@xxxxxxxxxxxx] On Behalf Of Leif Svalgaard
Sent: Monday, April 21, 2008 10:24 PM
To: Security Administration on the AS400 / iSeries
Subject: Re: [Security400] New Password rules at VRM610

QPWDLMTCHR allows you to force omission of certain characters from
passwords (typically vowels) but I cannot see a similar function in
the new rules.

And for a very good reason as it is a silly facility to have. Every time you
remove symbols from key, the key-space gets smaller, thus weakening
the encryption. I guess IBM finally wizened up.


On Mon, Apr 21, 2008 at 9:13 PM, Simon Coulter <shc@xxxxxxxxxxxxxxxxx>
wrote:

I was looking through the changes for security in VRM610 specifically
the new system values for password rules. Essentially the old QPWD*
system values directly related to password rules are replaced
(supported but obviously deprecated) by a new single system value
QPWDRULES that takes multiple values. All-in-all a good idea but I
noticed the following anomaly:

There appears to be no direct replacement for the QPWDLMTCHR
system
value.

QPWDLMTCHR allows you to force omission of certain characters from
passwords (typically vowels) but I cannot see a similar function in
the new rules.

Is this simply a documentation oversight?
Is QPWDLMTCHR still effective even when using the new method?
Have I simply missed something?

Regards,
Simon Coulter.
--------------------------------------------------------------------
FlyByNight Software OS/400, i5/OS Technical Specialists

http://www.flybynight.com.au/
Phone: +61 2 6657 8251 Mobile: +61 0411 091 400 /"\
Fax: +61 2 6657 8251 \ /
X
ASCII Ribbon campaign against HTML E-Mail / \
--------------------------------------------------------------------



_______________________________________________
This is the Security Administration on the AS400 / iSeries (Security400)
mailing list
To post a message email: Security400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/security400
or email: Security400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/security400.






As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.