Values that are set by the Configure System Security command

This table lists the system values that are set when you run the Configure System Security (CFGSYSSEC) command that runs a program that is called QSYS/QSECCFGS.

Table 1. Values set by the CFGSYSSEC command
System value name Setting System value description
QALWJOBITP 0 (Do not allow) Allow jobs to be interrupted
QALWOBJRST *NONE Whether objects with security sensitive attributes or validation errors can be restored.
QAUDCTL *AUDLVL *OBJAUD *NOQTEMP Security auditing control
QAUDLVL *AUDLVL2 (Use QAUDLVL2) Security auditing level
QAUDLVL2 *AUTFAIL *CREATE *DELETE *OBJMGT *PGMFAIL *SAVRST *SECURITY *SERVICE *SYSMGT Security auditing level extension
QAUTOCFG 0 (Off) Automatic configuration of new devices
QAUTOVRT 0 The number of virtual device descriptions that the system will automatically create if no device is available for use.
QDEVRCYACN *DSCMSG (Disconnect with message) System action when communications is re-established
QDSCJOBITV 60 (minutes) Time period before the system takes action on a disconnected job
QDSPSGNINF 1 (Yes) Whether users see the sign-on information display
QFRCCVNRST 4 (Convert objects with sufficient creation data and not valid signatures) Force conversion on restore
QINACTITV 15 (minutes) Time period before the system takes action on an inactive job
QINACTMSGQ *DSCJOB (Disconnect job) Action that the system takes for an inactive job
QLMTDEVSSN 1 Maximum number of device sessions a users can sign on to
QLMTSECOFR 1 (Yes) Whether *ALLOBJ and *SERVICE users are limited to specific devices
QMAXSIGN 3 How many consecutive, unsuccessful sign-on attempts are allowed
QMAXSGNACN 3 (Both) Whether the system disables the workstation or the user profile when the QMAXSIGN limit is reached.
QPWDCHGBLK 24 Number of hours to block a password change
QPWDEXPITV 90 (days) How often users must change their passwords
QPWDEXPWRN 14 Number of days prior to password expiration to begin showing warning
QPWDRQDDIF 1 (32 unique passwords) How many unique passwords are required before a password can be repeated
QPWDRULES When QPWDLVL 0 or 1:
  • *ALLCRTCHG
  • *LMTPRFNAME
  • *MINLEN8
  • *REQANY3
  • *DGTLMTFST1
When QPWDLVL greater than 1:
  • *ALLCRTCHG
  • *LMTPRFNAME
  • *MINLEN15
 Rules for forming a valid password.
QPWDVLDPGM *NONE The user exit program that the system calls to validate passwords
QRMTSIGN *FRCSIGNON How the system handles a remote (pass-through or TELNET) sign-on attempt.
QRMTSRVATR 0 (Off) Allows the system to be analyzed remotely.
QSECURITY 50 2 The level of security that is enforced
QVFYOBJRST 3 Verify object on restore
1
If QPWDLVL is 0 or 1, *DGTLMTFST is assumed. It is specified to avoid getting warning message CPD22C5 - QPWDRULES *DGTLMTFST value assumed.
2
If you are currently running with a QSECURITY value of 30 or lower, be sure to review the information in Using System Security (QSecurity) system value before you change to a higher security level.
The CFGSYSSEC command also sets the password to *NONE for the following IBM-supplied user profiles:
  • QSYSOPR
  • QPGMR
  • QUSER
  • QSRV
  • QSRVBAS