Password Rules (QPWDRULES)

The Password Rules (QPWDRULES) system value specifies the rules used to check whether a password is formed correctly. You can specify more than one value for the QPWDRULES system value, unless you specify *PWDSYSVAL.

Changes made to this system value take effect the next time a password is changed.

Note: This system value is a restricted value. Refer to the Security System Values topic for details on how to restrict changes to security system values and a complete list of the restricted system values.
Table 1. Possible values for the QPWDRULES system value:
*PWDSYSVAL

This value specifies that the QPWDRULES system value is ignored and the other password system values are used to check whether a password is formed correctly. These other password system values include QPWDLMTAJC, QPWDLMTCHR, QPWDLMTREP, QPWDMAXLEN, QPWDMINLEN, QPWDPOSDIF, and QPWDRQDDGT.

Note: If any value other than *PWDSYSVAL is specified for QPWDRULES, the QPWDLMTAJC, QPWDLMTCHR, QPWDLMTREP, QPWDMAXLEN, QPWDMINLEN, QPWDPOSDIF, and QPWDRQDDGT system values are ignored when a new password is checked to see if it is formed correctly. In addition, any attempt to change these system values will be rejected as long as the QPWDRULES system value contains a value other than *PWDSYSVAL.
*ALLCRTCHG

Enforce all password composition rules defined in the QPWDRULES system value when setting a password via the Create User Profile (CRTUSRPRF) command or the Change User Profile (CHGUSRPRF) command. CRTUSRPRF and CHGUSRPRF validation programs registered for the QIBM_QSY_VLD_PASSWRD exit point, format VLDP0200, will be called to validate the password after the password composition rules have been checked.

Note: Password composition rules are always enforced when using the Change Password (CHGPWD) command and the Change User Password (QSYCHGPW) API, regardless of whether or not *ALLCRTCHG is specified.
*CHRLMTAJC

The value specifies that a password cannot contain 2 or more occurrences of the same character that are positioned adjacent to each other. This value performs the same function as specifying a value of 2 for the QPWDLMTREP system value. If the *CHRLMTREP value was specified, this value cannot be specified.

Examples:
Better.test        not valid - tt
fix11bugs          not valid - 11
@12/A78            valid
A1234A1234         valid
*CHRLMTREP

The value specifies that a password cannot contain 2 or more occurrences of the same character. This value performs the same function as specifying a value of 1 for the QPWDLMTREP system value. If the *CHRLMTAJC value was specified, this value cannot be specified.

Examples:
John.Jones        not valid - J o n
THISONEOK         not valid - O
@12/A78           valid
AaCcEeFfGg        valid
*DGTLMTAJC

The value specifies that a password cannot contain 2 or more adjacent digit characters.

Examples:
@12/A78           not valid
!@#$%a1234.       not valid
THISONEOK         valid
A1B2C3DE5         valid
*DGTLMTFST

The value specifies that the first character of a password cannot be a digit character. If *LTRLMTFST and *SPCCHRLMTFST values were specified, this value cannot be specified. If the system is operating at password level 0 or 1, the system functions as if the *DGTLMTFST value were specified.

Examples:
16ST-SW-Roch      not valid - 1
99BottlesOfBeer   not valid - 9
@12/A78           valid
Allow-this.1      valid
*DGTLMTLST

The value specifies that the last character of the password cannot be a digit character. If *LTRLMTLST and *SPCCHRLMTLST values were specified, this value cannot be specified.

Examples:
John.doe12        not valid - 2
@12/A78           not valid - 8
THISONEOK         valid
A1234b123.        valid
*DGTMAXn

The value specifies the maximum number of digit characters that can occur in the password. The n is a number from 0 to 9.

Only one *DGTMAXn value can be specified. If a *DGTMINn value is also specified, the n value specified for *DGTMAXn must be greater than or equal to the n value specified for *DGTMINn.

Examples: for *DGTMAX2
Q12345678        not valid - 6 digits too many
3-2-1->Go        not valid - 1 digit too many
Rick1            valid
Ed1-Jeff3        valid
*DGTMINn

The value specifies the minimum number of digit characters that must occur in the password. The n is a number from 0 to 9.

Only one *DGTMINn value can be specified. If a *DGTMAXn value is also specified, the n value specified for *DGTMAXn must be greater than or equal to the n value specified for *DGTMINn.

Examples: for *DGTMIN3
Rick1            not valid - only 1 digit
Ed1-Jeff3        not valid - only 2 digits
3-2-1->Go        valid
Q12345678        valid
*LMTSAMPOS

The same character cannot be used in a position corresponding to the same position in the previous password. This value performs the same function as the QPWDPOSDIF system value.

*LMTSAMPOS will not be enforced when the password is set by the Change User Profile (CHGUSRPRF) command or the Create User Profile (CRTUSRPRF) command since the previous password value is not supplied. It will only be enforced when the password is changed by the Change Password (CHGPWD) command or the Change User Password (QSYCHGPW) API.

Examples: for *LMTSAMPOS when Vote4Me was previous password:
Victory1        not valid - V in position 1
Mine2love       not valid - e in position 4
vOTE-mE         valid (case is different)
Allisgood       valid
*LMTPRFNAME

The uppercase password value cannot contain the complete user profile name in consecutive positions.

Examples: for *LMTPRFNAME when the profile name is JOHNB:
bigJOHNB9       not valid - positions 4-8
JohnB78         not valid - positions 1-5
J_ohn_B234      valid
john_b          valid
*LTRLMTAJC

The value specifies a password cannot contain 2 or more adjacent letter characters.

Examples:
John.Smith      not valid
THISONEOK       not valid
@12/A78         valid
A1234b1234      valid
*LTRLMTFST

The value specifies the first character of the password cannot be a letter character. If *DGTLMTFST and *SPCCHRLMTFST values were specified, this value cannot be specified. If the system is operating with a QPWDLVL value of 0 or 1, *LTRLMTFST and *SPCCHRLMTFST cannot both be specified.

Examples:
John.Smith       not valid - J
THISONEOK        not valid - T
@12/A78          valid
16ST-SW-Roch     valid 
*LTRLMTLST

The value specifies the last character of the password cannot be a letter character. If *DGTLMTLST and *SPCCHRLMTLST values were specified, this value cannot be specified.

Examples:
John.Smith       not valid - h
1Allow.It        not valid - t
@12/A78          valid
(pay*rate)       valid 
*LTRMAXn

The value specifies the maximum number of letter characters that can occur in the password. The n is a number from 0 to 9.

Only one *LTRMAXn value can be specified. If a *LTRMINn value is also specified, the n value specified for *LTRMAXn must be greater than or equal to the n value specified for *LTRMINn.

If a *MIXCASEn value is also specified, the n value specified for *LTRMAXn must be greater than or equal to 2 times the n value specified for *MIXCASEn.

Examples: for *LTRMAX4
THISONEOK        not valid - 5 letters too many
John.Smith1      not valid - 5 letters too many
John1423         valid 
A1b2.#456        valid 
*LTRMINn

The value specifies the minimum number of letter characters that must occur in the password. The n is a number from 0 to 9.

Only one *LTRMINn value can be specified. If a *LTRMAXn value was specified, the n value specified for *LTRMAXn must be greater than or equal to the n value specified for *LTRMINn.

Examples: for *LTRMIN2
@12/A78        not valid - only 1 letter
!@#$%a1234     not valid - only 1 letter
THISONEOK      valid
A1234b1234     valid
*MAXLENnnn

The value specifies the maximum number of characters in a password. The nnn is a number from 1 to 128 (without leading zeros). This value performs the same function as the QPWDMAXLEN system value.

If the system is operating at QPWDLVL 0 or 1, the valid range is from 1 to 10. If the system is operating at QPWDLVL 2 or 3, the valid range is from 1 to 128.

The nnn value specified must be large enough to accommodate all *MIXCASEn, *DGTMAXn, *LTRMAXn, *SPCCHRMAXn, first and last character restrictions, and non-adjacent character requirements.

If *MINLENnnn is also specified, the nnn value specified for *MAXLENnnn must be greater than or equal to the nnn value specified for *MINLENnnn.

If no *MAXLENnnn value is specified, a value of *MAXLEN10 is assumed if the system is operating with a QPWDLVL value of 0 or 1, or a value of *MAXLEN128 is assumed if the system is operating with a QPWDLVL value of 2 or 3.

*MINLENnnn

The value specifies the minimum number of characters in a password. The nnn is a number from 1 to 128 (without leading zeros).

If the system is operating at QPWDLVL 0 or 1, the valid range is from 1 to 10. If the system is operating at QPWDLVL 2 or 3, the valid range is from 1 to 128.

If *MAXLENnnn is also specified, the nnn value specified for *MAXLENnnn must be greater than or equal to the nnn value specified for *MINLENnnn.

If no *MINLENnnn value is specified, a value of *MINLEN1 is assumed.

*MIXCASEn

The value specifies a password must contain at least n uppercase and n lowercase letters. The n is a number from 0 to 9. This value is rejected if the system is operating with a QPWDLVL value of 0 or 1 because passwords are required to be uppercase.

Only one *MIXCASEn value can be specified.

If a *LTRMAXn value was specified, the n value specified for *LTRMAXn must be greater than or equal to two times the n value specified for *MIXCASEn.

Examples: for *MIXCASE2
@12/A78bC      not valid - missing 1 lowercase
THISONEOK      not valid - missing 2 lowercase
ThisIsOkay     valid
Allow-It       valid
*REQANY3
The value specifies a password must contain characters from at least three of the following four types of characters:
  • Uppercase letters
  • Lowercase letters
  • Digits
  • Special characters

When the system is operating with a QPWDLVL of 0 or 1, *REQANY3 has the same effect as if *DGTMIN1, *LTRMIN1, and *SPCCHRMIN1 were all specified.

Examples:
THISONEOK      not valid - only 1 type
@12/-78        not valid - only 2 types
A1234b1234     valid - upper, lower, digit
John.Smith     valid - upper, lower, special
peter(21)      valid - lower, special, digit
*SPCCHRLMTAJC

The value specifies a password cannot contain 2 or more adjacent (consecutive) special characters. A character is considered a special character if its equivalent Unicode character is neither a letter nor a digit.

Examples:
Big//Box       not valid
this->way      not valid
@12/A78        valid
John.Smith     valid
*SPCCHRLMTFST

The value specifies the first character of the password cannot be a special character. A character is considered a special character if its equivalent Unicode character is neither a letter nor a digit.

If *DGTLMTFST and *LTRLMTFST values were specified, this value cannot be specified. If the system is operating with a QPWDLVL value of 0 or 1, *LTRLMTFST and *SPCCHRLMTFST cannot both be specified.

Examples:
(2+2equals4)   not valid - (
#fred/#charlie not valid - #
1Good->one12   valid
A1234b1234     valid
*SPCCHRLMTLST

The value specifies the last character of the password cannot be a special character. A character is considered a special character if its equivalent Unicode character is neither a letter nor a digit.

If *DGTLMTLST and *LTRLMTLST values were specified, this value cannot be specified.

Examples:
A1234b123.     not valid - .
>John.Doe<     not valid - <
THISONEOK      valid
@12/A78        valid
*SPCCHRMAXn

The value specifies the maximum number of special characters that may occur in the password. The n is a number from 0 to 9. A character is considered a special character if its equivalent Unicode character is neither a letter nor a digit.

Only one *SPCCHRMAXn value can be specified. If a *SPCCHRMINn value was specified, the n value specified for *SPCCHRMAXn must be greater than or equal to the n value specified for *SPCCHRMINn.

Examples: for *SPCCHRMAX3
@12/A78.b#     not valid - 1 too many
!@#$%a1234     not valid - 2 too many
THISONEOK      valid
A1234b-234     valid
*SPCCHRMINn

The value specifies the minimum number of special characters that must occur in the password. The n is a number from 0 to 9. A character is considered a special character if its equivalent Unicode character is neither a letter nor a digit.

Only one *SPCCHRMINn value can be specified. If a *SPCCHRMAXn value was specified, the n value specified for *SPCCHRMAXn must be greater than or equal to the n value specified for *SPCCHRMINn.

Examples: for *SPCCHRMIN4
Su@us.ibm.com  not valid - 1 too few
123+45=168     not valid - 2 too few
A.B@us.ibm.com valid
(24/8=3)       valid
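
The composition rules in Table 1 can be exercised offline against candidate passwords with a small checker. This is an added example, not IBM code: the function name `violations` and its parameters are hypothetical, it assumes QPWDLVL 2 or 3 (case-sensitive passwords), and Python's `str.isalpha()`/`str.isdigit()` stand in for the system's Unicode letter and digit classification.

```python
import re

# Assumptions: QPWDLVL 2 or 3; isalpha()/isdigit() approximate the system's
# Unicode letter/digit test; everything else is a special character.
def kind(ch):
    return "L" if ch.isalpha() else "D" if ch.isdigit() else "S"

PREFIX = {"DGT": "D", "LTR": "L", "SPCCHR": "S"}
CLASS_RULE = re.compile(r"\*(DGT|LTR|SPCCHR)(LMTAJC|LMTFST|LMTLST|MAX\d|MIN\d)")

def violations(password, rules, profile=None, previous=None):
    """Return the QPWDRULES values in `rules` that `password` breaks."""
    kinds = [kind(c) for c in password]
    pairs = set(zip(kinds, kinds[1:]))          # adjacent character classes
    upper, lower = sum(map(str.isupper, password)), sum(map(str.islower, password))
    failed = []
    for rule in rules:
        m = CLASS_RULE.fullmatch(rule)
        if m:
            k, op = PREFIX[m[1]], m[2]
            if op == "LMTAJC":
                bad = (k, k) in pairs
            elif op == "LMTFST":
                bad = kinds[:1] == [k]
            elif op == "LMTLST":
                bad = kinds[-1:] == [k]
            else:                               # MAXn / MINn
                n, have = int(op[3:]), kinds.count(k)
                bad = have > n if op.startswith("MAX") else have < n
        elif rule == "*CHRLMTAJC":
            bad = any(a == b for a, b in zip(password, password[1:]))
        elif rule == "*CHRLMTREP":
            bad = len(set(password)) < len(password)
        elif rule.startswith("*MIXCASE"):
            bad = min(upper, lower) < int(rule[8:])
        elif rule == "*REQANY3":                # upper, lower, digit, special
            bad = (upper > 0) + (lower > 0) + ("D" in kinds) + ("S" in kinds) < 3
        elif rule == "*LMTPRFNAME":             # compared against uppercased password
            bad = bool(profile) and profile.upper() in password.upper()
        elif rule == "*LMTSAMPOS":              # not enforced without a previous password
            bad = previous is not None and any(a == b for a, b in zip(password, previous))
        elif rule.startswith(("*MINLEN", "*MAXLEN")):
            n = int(rule[7:])
            bad = len(password) > n if rule[1:4] == "MAX" else len(password) < n
        else:
            raise ValueError(f"unsupported rule: {rule}")
        if bad:
            failed.append(rule)
    return failed
```

Calling `violations("Mine2love", ["*LMTSAMPOS"], previous="Vote4Me")` returns the failed rule, while omitting `previous` mirrors the CRTUSRPRF/CHGUSRPRF case where *LMTSAMPOS is not enforced.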