Analyze Default Passwords (ANZDFTPWD)
|Where allowed to run: All environments (*ALL)
The Analyze Default Passwords (ANZDFTPWD) command allows you to print a report of all the user profiles on the system that have a default password and to take an action against the profiles. A profile has a default password when the profile's password matches the user profile name.
When the system is operating at password level 2 or 3, both the uppercase and lowercase values of the user profile name are checked. However, mixed case values of the user profile name will not be checked. For example, if the user profile JAMES has a password of 'JAMES' or 'james' it will be detected as having a default password; but passwords of 'JaMeS' or 'James' will not be detected as default passwords.
Restriction: You must have *ALLOBJ and *SECADM special authorities to use this command.
The format of the report depends on what action is taken against the profiles. When no action is taken, each entry will contain the user profile name, the user profile's status (STATUS), whether the profile's password is expired (PWDEXP), and the text description associated with the profile (TEXT). When an action is taken against the profiles, each entry will also contain the user profile's STATUS and PWDEXP values after the profile has been changed.
The list of user profiles with default passwords is also put in the system file QASECPWD in library QUSRSYS. Each entry contains the user profile name, the user profile STATUS and PWDEXP values before and after the profile is changed, and the user profile TEXT value. If no action was requested, the second set of STATUS and PWDEXP values will be blank.
|ACTION||Action taken against profiles||Single values: *NONE
Other values (up to 2 repetitions): *DISABLE, *PWDEXP
Action taken against profiles (ACTION)
The action to be taken against the user profiles that have a default password.
- No action is taken against profiles with a default password.
- The user profile STATUS field is set to *DISABLED.
- The user profile PWDEXP field is set to *YES.
ANZDFTPWD ACTION(*DISABLE *PWDEXP)
This command analyzes all user profiles on the system. Any user profiles on the system that have a default password will be disabled and their passwords will be set to expired.
- Cannot open file &2 in library &3.
- Not authorized to check for default passwords.