Security Officer Password Lost

I lost/forget the Security Officer Password.

I know that their is a manual form to rest the password, but I didn't find the information.

Can somebody help me on this.

Our AS/400 is a eServer i5 520 V5R3


Danny Pastrana
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

hi, you need to have the DST password for QSECOFR, do you have it?

go to the machine panel, then set IPL mode to manual, then select option 21 from the panel, it will display DST screen on your console (If it doesn't work, you have to do manual IPL to reach the DST screen).

From the DST main menu:
Select "Work with DST Environment" (option#5?)
Select "DST User Profile" (option#3?)
Select "Reset System Default Password" (option#4?)

You may try the user QSECOFR with password=QSECOFR, if still doesn't work, you may need to do IPL.

good luck.

PS: If you don't have your DST password, then you may have to find a "backdoor", there is usually some loopholes in the system that allow us to penetrate.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MurpheyApplication ConsultantCommented:
I know (long time ago when the AS.400 had a key) that you can set the key on "Service" and start th IPL, during the IPL a Service menu is shown on the console (an other old thing). In this service menu there was an option to change the QSECOFR password. I''m sure there is still a service option but because I didn't see an AS/400 for 5 years (it's phisically somewhere in Europe) I don't know how it is done now?

So go for te service menu !!!!
Thats what dedy is talking about, exept nowadays you can use *part* of the service menu (DST = dedicated service tools) without having to IPL. You get into the DST screen by selecting option 21 on the control panel (the part of the AS/400 with the key you mentioned)
Because a lost QSECOFR password is the problem, it's just barely possible that DST provides an answer. I say it that way for a variety of reasons.

For a start, the easiest way would be just to sign on with the site's security officer profile (*NOT* QSECOFR) and then simply change the QSECOFR password. No muss, no fuss.

That is, the smallest bit of applied principles would've avoided this altogether. The primary principle here is: Don't use QSECOFR except at IBM's direction. There is no need ever to use QSECOFR otherwise. The very first time it's used -- to start the system initially -- create a site security officer profile as user class *SECOFR and all special authorities. Then change the QSECOFR password from the default and stash the password away. Use the site security officer logon from then on. The QSECOFR password ought to be in a safe location.

If the site security officer password is lost, use QSECOFR to recover. Or create a CL program owned by QSECOFR that will reset the site security officer password back to default and will also log the change. Grant authority to that program to some other profile(s) that is(are) responsible for system management and *EXCLUDE *PUBLIC from it. Then the password can be recovered just by calling the program from an authorized profile.

Note that these might be the _only_ ways to accomplish this at V5R3 unless you want to pay IBM a tidy sum to do it. At V5R3 (and perhaps all the way back to V5R1?) you can restrict DST access to passwords. If that option has been set, then DST will not be any help. (Unless you're really really really good at Display/Alter/Print and can walk all the chains necessary and can can directly change DASD exactly right; but I don't know that anyone has managed that yet.)

But, if a lost QSECOFR password is the problem, then I'd guess the system hasn't been secured yet anyway. So DST will probably work.


It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
IBM System i

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.