This page is related to a scenario where users are connected to the IBMi box via 5250 green-screen workstations, via TELNET, or via WEB Terminal Emulator.
- First of all you must logon with a user profile having *SECADM special authority and enter command PWDSERVE.
This command submits a non-ending batch job that will take care of updating a user profile when an user logs on with the assigned temporary password (see step 4 below).
- Use command PWDRESET to reset the password of a given user profile. The password is automatically assigned and returned to you.
- Communicate the new password to the owner of the user profile.
- As soon as the owner of the user profile signs on, he will be requested to change his password (One Time Password, OTP, see this page).
This is done from command PWDRESET by changing the initial program of the user profile. The original initial program will be restored as soon as the user changes his password.
This command requires a user profile having *SECADM special authority.
The following describes the scope of this job.
It submits to job queue QSYSNOMAX a non-ending job, named PWDSERVE.
This job executes under the user profile of the submitting job.
Therefore, it is able to change user profiles.
Note - If the PWDSERVE job is already active, command PWDRESET has no effect.
- This utility provides a tool (command PWDRESET, see next) which forces the initial program of a user
profile to ask for a new password.
- On sign-on, the user is requested to provide a new password. Once the user
has entered the new password, the job is ended. Meanwhile, the new password
gets in control of the PWDSERVE job, which updates the user profile as follow:
- the new password replaces the current one
- the initial program is set back to its original value.
Also this command requires a user profile having *SECADM special authority.
Use this command to reset the password and the initial program of a given user profile.
Reset user profile password (PWDRESET)
Type choices, press Enter.
User profile . . . . . . . . . . USRPRF ABC Name
Length of the new password . . . PWDLEN 8 5-10
User e-mail address . . . . . . EMAIL email@example.com
|Figure 1 - Command PWDRESET|
Note - Parameter EMAIL is the e-mail address of the user profile.
If library MMAIL and command MMAIL/EMLPTUMSG are available,
a message with the new password will be sent to this e-mail address.
- The new password is automatically assigned, has the length specified in paramer PWDLEN, and is returned on the Command Entry screen as soon as the command ends.
- The new initial program is a program from this utility (see Figure2) which asks the user to enter a new password.
User sign on
When the user signs on, the following screen appears:
As soon as the user enters his new password,
|Figure 2 - When user sign on|
- The program sends some data to the batch PWDSERVE job.
- The PWDSERVE job updates the user profile by changing the password and setting back the initial program to its original value (before command PWDRESET)
- The PWDSERVE jobs sends an acknowledgment to the interactive program.
- The interactive program signs off.