Password policies for service tools user IDs

Service tools user IDs are separate from IBM® i user profiles. Passwords for service tools user IDs are encrypted at different levels of security. The default password level uses DES encryption. You should use DES encryption if you have pre-V5R1 clients that use System i® Navigator to connect to service functions, such as logical partitions and disk unit management.

You can change the password level to use SHA encryption, which is mathematically impossible to reverse and provides stronger encryption and a higher level of security. If you change to SHA encryption, however, you cannot change back to DES encryption. Also, if you change to SHA encryption, you can no longer connect to the service tools server with pre-V5R1 clients, such as Operations Console. When you upgrade your password level to SHA, you need to upgrade any clients that use these functions.