IBM Support

Creating an IBM iSystem (AS/400) template and linking to the IBM iSeries (AS/400) Password Changer

How To


The IBM iSeries (AS/400) Terminal password changer is based on the z/OS Mainframe password changer. It uses the 5250 terminal connection and scripting to perform the password change and heartbeat. You can modify the script for any advanced configuration requirements, and Thycotic Professional Services is available if you require assistance.


The basic configuration steps are:
  • Create an IBM iSeries (AS/400) secret template
  • Modify the IBM iSeries (AS/400) secret template to use the new IBM iSeries (AS400) Password Changer
  • Modify the IBM iSeries (AS/400) password changer to your environment
Note: You can also change passwords on the AS/400 using SSH. Information for setting up through SSH can be found at:


Configuration Steps 

Task 1: Create an IBM iSeries (AS/400) secret template:

  1. Navigate to ADMIN > Manage Secret Templates. The Manage Secret Template page appears.
  2. Select the z/OS Mainframe template in the Manage Secret Templates list.
  3. Click the Edit button. The Secret Template Designer page appears.
  4. Click the Copy Secret Template button. A popup page appears.
  5. Type IBM iSeries (AS400) in the Name text box.
  6. Click the OK button. A confirmation page appears.
  7. Click the Continue button. The Secret Template Designer page for the new template appears.
  8. (Optional) Remove the passphrase, unless your environment specifically needs that text-entry field, by clicking the trashcan icon on the Passphrase row of the Fields table. Unlike the z/OS, the iSeries does not need the additional passphrase and will not have an option for it unless adjusted.

Task 2: Modify the IBM iSeries/AS400 secret type to use iSeries password changer:

  1. Click the Configure Password Changing button. The Secret Template Edit Password Changing page appears.
  2. Click the Edit button. The page becomes editable.
  3. Click the Password Type to Use list and select IBM iSeries Mainframe.
  4. (Optional) Make any changes as needed to the text boxes and lists.
  5. Click the Save button. The page is no longer editable.
  6. Click the Back button. The Secret Template Designer appears.

Task 3: Create secrets based on the new template as desired.

Task 4: Modify the IBM iSeries/AS400 password changer for your environment:

Note: The default password changer configuration requires no adjustment for the default IBM iSeries (AS/400) systems. However, additional parameters and connection string options are available.

  1. Navigate to ADMIN > Remote Password Changing.
  2. Click the Configure Password Changers button. The Password Changer Configuration page appears.
  3. Click the IBM iSeries Mainframe link. The IBM iSeries Mainframe page appears.
  4. Click the Edit button at the bottom of the page. The Edit Password Changer page appears.
  5. Adjust ports and other parameters to what you desire.

     Note: For troubleshooting, you can add TRACE to the connection string and a trace file will be written to the Secret Server website or engine for further troubleshooting.

  6. Click the Save button.

Additional Functions

The IBM iSeries password changer and the underlying infrastructure offer additional features and options for unique IBM iSeries environments. The IBM iSeries password changer has additional commands to modify it to best fit your environment. Below is a list of parameters and adjustments that will help with this modification.

Some of the commands below are for very fine emulation in unique IBM iSeries environments, which Thycotic Professional Services can assist with. Understanding that the password changer is emulating the input of a user will help greatly when thinking about how to implement these commands properly. Some of these commands are implemented and tested on a base environment, so be cautious not to use them in a production environment without testing or using the trace option to verify that they are working as expected.

The trace connection property logs the emulator's inputs and the mainframe's outputs, as well as ASCII screenshots of what is happening on the terminal GUI. This is a powerful tool when debugging the finer implementations of the RPC for unique environments.


| Command | Description | Description or Example |
|---|---|---|
| | Tab to the previous input field | |
| | Clear the screen | Mostly for trace usage |
| | End the session to the mainframe | |
| | Delete a character under the cursor; can be used with <MoveCursor(#, #)> | |
| | Delete the entire text input or field | |
| | Delete the current word if available or delete the previous word if not | |
| | Disconnect the password changer's connection to the mainframe | |
| | Move cursor down | |
| | Will send the Enter key press command | |
| | Erase previous character on a selected text input | |
| | Erase end-of-field of current text input | |
| <Execute( )> | Execute commands in shell | |
| <HexString( # )> | Insert a control character in a text field or string | |
| <Key( # )> | Execute named iSeries keys | Execute unique keys via hex, character code or key symbol. Examples: <Key(41)>, <Key(Aunderbar)>, <Key(A underbar)> |
| | Move cursor left | |
| <PF( # )> | Execute program function | Program function keys 1 to 24 |
| <PA( # )> | Execute program attention | Program attention functions 1 to 3 |
| <MoveCursor(#, #)> | Move the cursor by row and column | |
| | Move cursor right | |
| | Tab to the next line | |
| | Move cursor up | |
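
As an added example (not part of the original article and not code from the product), the Python linter below checks a customized script against the argument rules this page gives before it is tested: PF keys 1 to 24, PA keys 1 to 3, a row and a column for MoveCursor, and it surfaces every Execute for manual review because that command runs in a shell. The one-command-per-line layout, the sample script and the Execute argument are assumptions made for illustration.

```python
import re

# Parameterised commands listed on this page have the form <Name( args )>.
TOKEN = re.compile(r"<\s*(\w+)\s*\(([^)]*)\)\s*>")
# Ranges stated on the page: program function 1 to 24, program attention 1 to 3.
RANGES = {"PF": (1, 24), "PA": (1, 3)}


def lint_script(script):
    """Return (line_no, token, message) findings for a password changer script."""
    findings = []
    for line_no, line in enumerate(script.splitlines(), start=1):
        for match in TOKEN.finditer(line):
            name, raw = match.group(1), match.group(2).strip()
            token = match.group(0)
            if name in RANGES:
                low, high = RANGES[name]
                if not raw.isdecimal() or not low <= int(raw) <= high:
                    findings.append(
                        (line_no, token, f"{name} takes a number from {low} to {high}"))
            elif name == "MoveCursor":
                parts = [p.strip() for p in raw.split(",")]
                if len(parts) != 2 or not all(p.isdecimal() for p in parts):
                    findings.append((line_no, token, "MoveCursor takes a row and a column"))
            elif name == "Execute":
                # Runs a shell command, so every use is surfaced for manual review.
                findings.append((line_no, token, "Execute runs in a shell: review before use"))
            elif name in ("Key", "HexString") and not raw:
                findings.append((line_no, token, f"{name} needs an argument"))
    return findings


# Constructed sample script; layout and the Execute argument are assumptions.
SAMPLE = """<MoveCursor(6, 53)>
<PF(3)>
<PF(25)>
<PA(4)>
<MoveCursor(6)>
<Key(41)>
<Execute(cleanup.sh)>
"""

if __name__ == "__main__":
    for finding in lint_script(SAMPLE):
        print(finding)
```
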


Document Information

Modified date:
30 April 2019