We enforce matching user id's and matching passwords between IBM i and
Windows.
I have to laugh at all the people who think that this is a bad thing
because they fear Windows security yet they allow plain 5250 without SSL
into their systems. Any network sniffer (or even STRCMNTRC) can easily
figure out their IBM i passwords.
People who enforce differences remind me of Dilbert's "Mordac, preventer
of Information Services".
We use IBM's Secure Identity Manager (ISIM) formerly known as IBM's Tivoli
Identity Manager (ITIM). If you change your Windows password it
automatically sends it to all lpars of IBM i. We also run at QPWDLVL=3.
This allows large passwords with upper and lower case letters. Read the
Knowledge Center carefully before you change this.
https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_73/rzarl/rzarlplanpwdchg.htm
And, if you do, I'd go straight from 0 to 3. Anything in between is a
waste of time and will frustrate the heck out of you.
Rob Berendt
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.