User Profile Changes in IBM i 7.5 – User Profiles
Tech Note
IBM i 7.5 made several changes to the Create and Change User Profile commands.
IBM made several changes in IBM i 7.5 to the Create and Change User Profile (CRT/CHGUSRPRF) commands. The most obvious is that the PASSWORD parameter now defaults to *NONE rather than *USRPRF. In other words, the profile will no longer, by default, be created with a password that’s the same as the user profile name. See Figure 5.1. Also, you will no longer get an error message if you specify the Set password to expired parameter (PWDEXP) to *YES and leave the User password field as *NONE. (In prior releases, this is an error that would have prevented the profile from being created.) This change is especially helpful if you’ve changed the command default for the PWDEXP parameter from *NO to *YES.
Figure 5.1: Create and Change User Profile now defaults the PASSWORD parameter to *NONE rather than *USRPRF.
Another change to CRT/CHGUSRPRF is the addition of the Maximum sign-on attempts (MAXSIGN) parameter. See Figure 5.2. It defaults to the value of the QMAXSIGN system value but allows you to override this and specify a different value for the number of invalid sign-on attempts that you allow before some action is taken. Note that the action taken is still governed by the QMAXSGNACN system value.
Figure 5.2: You can now override the QMAXSIGN system value at the user profile level using the MAXSIGN parm.
You may now want to look for profiles where the MAXSIGN parm doesn’t default to the system value setting.
Please resist the temptation to change your profile to specify a large number for the maximum number of sign-on attempts to avoid disabling your own profile. As an administrator, you should want to protect your profile as much as possible. Giving someone a lot of attempts to come up with your password is irresponsible since you likely have all power on the system. If you use this parameter, it should be used only for profiles that have very little authority and are using devices that may present difficulty in typing in a password—something like an RF device. That, or override it to a lower value for powerful profiles (including yours).