Action When Sign-On Attempts Reached (QMAXSGNACN)

The Action When Sign-On Attempts Reached (QMAXSGNACN) system value determines what the system does when the maximum number of sign-on or password verification attempts is reached at a workstation.

Note: This system value is a restricted value. See Security system values for details on how to restrict changes to security system values and a complete list of the restricted system values.

Table 1. Possible values for the QMAXSGNACN system value:
3	Disable both the user profile and device.
1	Disable the device only.
2	Disable the user profile only.

The system disables a device by varying it off. The device is disabled only if the sign-on attempts that are not valid are consecutive on the same device. One valid sign-on resets the count of incorrect sign-on attempts for the device.

The system disables a user profile by changing the Status parameter to *DISABLED. The user profile is disabled when the number of incorrect sign-on attempts for the user reaches the value in the QMAXSIGN system value, regardless of whether the incorrect sign-on attempts were from the same or different devices. One valid sign-on or password verification resets the count of incorrect sign-on attempts in the user profile.

If you create the QSYSMSG message queue in QSYS, the message sent (CPF1397) contains the user and device name. Therefore, it is possible to control the disabling of the device based on the device being used.

Maximum Sign-On Attempts (QMAXSIGN) provides more information about the QSYSMSG message queue.

If the QSECOFR profile is disabled, you may sign on as QSECOFR at the console and enable the profile. If the console is varied off and no other user can vary it on, you must IPL the system to make the console available.

Recommended value: 3