[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 433
  • Last Modified:

Security Officer Password Lost

I lost/forget the Security Officer Password.

I know that their is a manual form to rest the password, but I didn't find the information.

Can somebody help me on this.

Our AS/400 is a eServer i5 520 V5R3

Thanx

Danny Pastrana
0
dpastrana
Asked:
dpastrana
4 Solutions
 
dedy_djajapermanaCommented:
hi, you need to have the DST password for QSECOFR, do you have it?

go to the machine panel, then set IPL mode to manual, then select option 21 from the panel, it will display DST screen on your console (If it doesn't work, you have to do manual IPL to reach the DST screen).

From the DST main menu:
Select "Work with DST Environment" (option#5?)
Select "DST User Profile" (option#3?)
Select "Reset System Default Password" (option#4?)

You may try the user QSECOFR with password=QSECOFR, if still doesn't work, you may need to do IPL.

good luck.

PS: If you don't have your DST password, then you may have to find a "backdoor", there is usually some loopholes in the system that allow us to penetrate.
0
 
theo kouwenhovenCommented:
I know (long time ago when the AS.400 had a key) that you can set the key on "Service" and start th IPL, during the IPL a Service menu is shown on the console (an other old thing). In this service menu there was an option to change the QSECOFR password. I''m sure there is still a service option but because I didn't see an AS/400 for 5 years (it's phisically somewhere in Europe) I don't know how it is done now?

So go for te service menu !!!!
0
 
Mind_nlCommented:
Thats what dedy is talking about, exept nowadays you can use *part* of the service menu (DST = dedicated service tools) without having to IPL. You get into the DST screen by selecting option 21 on the control panel (the part of the AS/400 with the key you mentioned)
0
 
tliottaCommented:
Because a lost QSECOFR password is the problem, it's just barely possible that DST provides an answer. I say it that way for a variety of reasons.

For a start, the easiest way would be just to sign on with the site's security officer profile (*NOT* QSECOFR) and then simply change the QSECOFR password. No muss, no fuss.

That is, the smallest bit of applied principles would've avoided this altogether. The primary principle here is: Don't use QSECOFR except at IBM's direction. There is no need ever to use QSECOFR otherwise. The very first time it's used -- to start the system initially -- create a site security officer profile as user class *SECOFR and all special authorities. Then change the QSECOFR password from the default and stash the password away. Use the site security officer logon from then on. The QSECOFR password ought to be in a safe location.

If the site security officer password is lost, use QSECOFR to recover. Or create a CL program owned by QSECOFR that will reset the site security officer password back to default and will also log the change. Grant authority to that program to some other profile(s) that is(are) responsible for system management and *EXCLUDE *PUBLIC from it. Then the password can be recovered just by calling the program from an authorized profile.

Note that these might be the _only_ ways to accomplish this at V5R3 unless you want to pay IBM a tidy sum to do it. At V5R3 (and perhaps all the way back to V5R1?) you can restrict DST access to passwords. If that option has been set, then DST will not be any help. (Unless you're really really really good at Display/Alter/Print and can walk all the chains necessary and can can directly change DASD exactly right; but I don't know that anyone has managed that yet.)

But, if a lost QSECOFR password is the problem, then I'd guess the system hasn't been secured yet anyway. So DST will probably work.

Nevermind.

Tom
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now