Maximum Sign-On Attempts (QMAXSIGN)
The Maximum Sign-On Attempts (QMAXSIGN) system value controls the number of consecutive sign-on or password verification attempts that are not correct by local and remote users.
Incorrect sign-on or password verification attempts can be caused by a user ID that is not correct, a password that is not correct, or inadequate authority to use the workstation.
When the maximum number of sign-on or password verification attempts is reached, the QMAXSGNACN system value is used to determine the action to be taken. A CPF1393 message is sent to the QSYSOPR message queue (and QSYSMSG message queue if it exists in library QSYS) to notify the security officer of a possible intrusion.
If you create the QSYSMSG message queue in the QSYS library, messages about critical system events are sent to that message queue as well as to QSYSOPR. The QSYSMSG message queue can be monitored separately by a program or a system operator. This provides additional protection of your system resources. Critical system messages in QSYSOPR are sometimes missed because of the volume of messages sent to that message queue.
| Value | Description |
|---|---|
| 3 | A user can try a maximum of 3 sign-on or password verification attempts. |
| *NOMAX | The system allows an unlimited number of incorrect sign-on or password verification attempts. This gives a potential intruder unlimited opportunities to guess a valid user ID and password combination. |
| limit | Specify a value from 1 through 25. The recommended number of sign-on or password verification attempts is three. Typically, three attempts are enough to correct typing errors but low enough to help prevent unauthorized access. |
Recommended value: 3