Kisco Systems

Kisco U

Enforcing IBM i password rules

Home : Kisco U : Enforcing IBM i password rules

There are a wealth of password options available, under the system value of QPWDRULES (Password Rules)

These system values are useful to enforce password policies:

  • QPWDEXPITV: How often users are required to change password
  • QPWDRQDDIF: Defines how many iterations must pass before a password is allowed to be reused
  • QPWDLMTCHR: Character exclusion list - up to 10 characters that CANNOT be used in passwords. This setting is NOT enforced when using long passwords (see QPWDLVL above)
  • QPWDRQDDGT: Force at least one numeric digit in passwords
  • QPWDLMTAJC: Prevent repeating adjacent numbers
  • QPWDLMTREP: Prevent repeating adjacent characters
  • QPWDPOSDIF: New passwords cannot have any characters in the same position as the previous password
  • QPWDMINLEN: Sets minimum password length
  • QPWDMAXLEN: Sets maximum password length
  • QPWDVLDPGM: Define a password exit program so you can implement your own requirements
  • QMAXSIGN: Number of failed signon attempts (can be overridden by individual user profiles)
  • *LMTPRFNAME: The profile name string cannot appear in the password
  • *MIXCASEn: The password must contain at least n upper case characters and n lower case characters. Requires QPWDLVL setting of 2 or higher.
  • *REQANY3: Password must contain at least one character from the four character types of uppercase letters, lowercase letters, digits and special characters.

Password system values can be set in Navigator: