IBM i system values

Learn about the system values that are important in client/server environments.

A system value contains control information that operates certain parts of the system. A user can change the system values to define the work environment. Examples of system values are system date and library list.

There are many system values. The following values are of particular interest in a client/server environment.

QAUDCTL
Audit control. This system value contains the on and off switches for object and user level auditing. Changes that are made to this system value take effect immediately.
QAUDENDACN
Audit journal error action. This system value specifies the action the system takes if errors occur when an audit journal entry is being sent by the operating system security audit journal. Changes that are made to this system value take effect immediately.
QAUDFRCLVL
Force audit journal. This system value specifies the number of audit journal entries that can be written to the security auditing journal before the journal entry data is forced to auxiliary storage. Changes that are made to this system value take effect immediately.
QAUDLVL
Security auditing level. Changes made to this system value take effect immediately for all jobs running on the system.
QAUTOVRT
Determines whether the system should automatically create virtual devices. This is used with display station pass-through and Telnet sessions.
QCCSID
The coded character set identifier, which identifies:
  • A specific set of encoding scheme identifiers
  • Character set identifiers
  • Code page identifiers
  • Additional coding-related information that uniquely identifies the coded graphic character representation needed by the system

This value is based on the language that is installed on the system. It determines whether data must be converted to a different format before being presented to the user. The default value is 65535, which means this data is not converted.

QCTLSBSD
The controlling subsystem description.
QDSPSGNINF
Determines whether the sign-on information display shows after sign-on by using the 5250 emulation functions (workstation function, PC5250).
QLANGID
The default language identifier for the system. It determines the default CCSID for a user's job if the job CCSID is 65535. The clients and servers use this default job CCSID value to determine the correct conversion for data that is exchanged between the client and the server.
QLMTSECOFR
Controls whether a user with all-object (*ALLOBJ) or service (*SERVICE) special authority can use any device. If this value is set to 1, all users with *ALLOBJ or *SERVICE special authorities must have specific *CHANGE authority to use the device.

This affects virtual devices for 5250 emulation. The shipped value is 1. If you want authorized users to sign on to PCs, you must either give them specific authority to the device and controller that the PC uses or change this value to 0.

QMAXSIGN
Controls the number of consecutive incorrect sign-on attempts by local and remote users. Once the QMAXSIGN value is reached, the system determines the action with the QMAXSGNACN system value.

If the QMAXSGNACN value is 1 (vary off device), the QMAXSIGN value does not affect a user who enters an incorrect password on the PC when they are starting the connection.

This is a potential security exposure for PC users. The QMAXSGNACN system value should be set to either 2 or 3.

QMAXSGNACN
Determines what the system does when the maximum number of sign-on attempts is reached at any device. You can specify 1 (vary off device), 2 (disable the user profile) or 3 (vary off device and disable the user profile). The shipped value is 3.
QPWDEXPITV
The number of days for which a password is valid. Changes that are made to this system value take effect immediately.
QPWDLMTAJC
Limits the use of adjacent numbers in a password. Changes that are made to this system value take effect the next time a password is changed.
QPWDLMTCHR
Limits the use of certain characters in a password. Changes that are made to this system value take effect the next time a password is changed.
QPWDLMTREP
Limits the use of repeating characters in a password. Changes that are made to this system value take effect the next time a password is changed.
QPWDLVL
Determines the level of password support for the system, which includes the password length that is supported, the type of encryption used for passwords, and whether IBM® i NetServer passwords for the Windows clients are removed from the system. Changes that are made to this system value take effect on the next IPL.
QPWDMAXLEN
The maximum number of characters in a password. Changes that are made to this system value take effect the next time a password is changed.
QPWDMINLEN
The minimum number of characters in a password. Changes that are made to this system value take effect the next time a password is changed.
QPWDPOSDIF
Controls the position of characters in a new password. Changes that are made to this system value take effect the next time a password is changed.
QPWDRQDDGT
Requires a number in a new password. Changes that are made to this system value take effect the next time a password is changed.
QPWDRQDDIF
Controls whether the password must be different than previous passwords.
QPWDVLDPGM
Password validation program name and library that are supplied by the computer system. Both an object name and library name can be specified. Changes that are made to this system value take effect the next time a password is changed.
QRMTSIGN
Specifies how the system handles remote sign-on requests. A TELNET session is actually a remote sign-on request. This value determines several actions, as follows:
  • '*FRCSIGNON': All remote sign-on sessions are required to go through normal sign-on processing.
  • '*SAMEPRF': For 5250 display station pass-through or workstation function, when the source and target user profile names are the same, the sign-on may be bypassed for remote sign-on attempts. When using TELNET, the sign-on may be bypassed.
  • '*VERIFY': After verifying that the user has access to the system, the system allows the user to bypass the sign-on.
  • '*REJECT': Allows no remote sign-on for 5250 display station pass-through or workstation function. TELNET uses a value of *FRCSIGNON when *REJECT is specified and displays the sign-on display. If you want to reject all TELNET requests to the system, end the TELNET servers.
  • 'program library': The user can specify a program and library (or *LIBL) to decide which remote sessions are allowed and which user profiles can be automatically signed on from which locations. This option is only used for pass-through. TELNET uses a value of *FRCSIGNON when this program is specified.

This value can also name a program that runs to determine which remote sessions are allowed.

The shipped value is *FRCSIGNON. If you want users to be able to use the bypass sign-on function of the 5250 emulator, change this value to *VERIFY.

QSECURITY
System security level. Changes that are made to this system value take effect at the next IPL.
  • 20 means that the system requires a password to sign on.
  • 30 means that the system requires password security at sign-on and object security at each access. You must have authority to access all system resources.
  • 40 means that the system requires password security at sign-on and object security at each access. Programs that try to access objects through unsupported interfaces fail.
  • 50 means that the system requires password security at sign-on, and users must have authority to access objects and system resources. The security and integrity of the QTEMP library and user domain objects are enforced. Programs that try to access objects through interfaces that are not supported or that try to pass unsupported parameter values to supported interfaces will fail.
QSTRUPPGM
The program that runs when the controlling subsystem starts or when the system starts. This program performs setup functions such as starting subsystems.
QSYSLIBL
The system part of the library list. This part of the library list is searched before any other part. Some client functions use this list to search for objects.
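
The sign-on related values above (QMAXSIGN, QMAXSGNACN, QLMTSECOFR, QRMTSIGN, QSECURITY) can be reviewed in one query. This is an added example, not part of the original IBM documentation; it assumes the system provides the QSYS2.SYSTEM_VALUE_INFO SQL service, which this page does not mention, and the finding texts are this example's own wording based on the shipped values and the QMAXSGNACN recommendation stated above.

```sql
-- Added example: review sign-on related system values against this page.
-- Assumption: the QSYS2.SYSTEM_VALUE_INFO view is available on the system.
-- A system value is returned in either the character or the numeric column,
-- so the two columns are merged into one comparable string.
WITH sysval (name, val) AS (
  SELECT SYSTEM_VALUE_NAME,
         TRIM(COALESCE(CURRENT_CHARACTER_VALUE,
                       VARCHAR(CURRENT_NUMERIC_VALUE)))
    FROM QSYS2.SYSTEM_VALUE_INFO
   WHERE SYSTEM_VALUE_NAME IN
         ('QMAXSIGN', 'QMAXSGNACN', 'QLMTSECOFR', 'QRMTSIGN', 'QSECURITY')
)
SELECT name,
       val,
       CASE
         -- Action 1 only varies off the device; the page calls this an
         -- exposure for PC users and says to use 2 or 3.
         WHEN name = 'QMAXSGNACN' AND val = '1'
           THEN 'EXPOSURE: set QMAXSGNACN to 2 or 3'
         WHEN name = 'QMAXSGNACN' AND val <> '3'
           THEN 'Differs from shipped value 3'
         -- 0 lets *ALLOBJ / *SERVICE users sign on at any device.
         WHEN name = 'QLMTSECOFR' AND val <> '1'
           THEN 'Differs from shipped value 1'
         -- Anything other than *FRCSIGNON changes normal sign-on processing
         -- for remote sessions (bypass, reject, or a user-written program).
         WHEN name = 'QRMTSIGN' AND val <> '*FRCSIGNON'
           THEN 'Differs from shipped value *FRCSIGNON'
         -- The page states no shipped value for these two; report only.
         WHEN name IN ('QMAXSIGN', 'QSECURITY')
           THEN 'Informational'
         ELSE 'Matches shipped value'
       END AS finding
  FROM sysval
 ORDER BY name;
```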