asked on

Check when iSeries user password was changed

Hi

We have had a password for a iSeries user profile changed. this is a user that is used by internal programs only.

I would like to find out when the password was changed and by whom.
Is there a command I can use for this?

Regards

Gerald

Theo Kouwenhoven

Hi Gerald,

Using command WRKOBJ OBJ(*ALL/profilename) OBJTYPE(*USRPRF) ,
you can see the last change date/time by placing option 8 infront of the line (2nd screen)
The user by whom is to find in your joblog.
By placing option 5 you can see the authorization for this object, maybe you have to limit that.

Cheers

Gary Patterson, CISSP

While the "Date password last changed" is stored as part of the *USRPRF object (DSPUSRPRF *BASIC), the name of the user who changed it is not.

To capture this information requires some configuration.

You can either configure and enable the Security Audit Journal (my recommended solution), which will capture the name of the user and job that changes a given profile's password, or you can create an exit point program for the QIBM_QSY_CHK_PASSWRD exit point that logs the information you want when a password is changed.

I recommend security auditing. It is flexible and provides the capability to track lots of security-related changes.

https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_74/rzarl/rzarlusesecjnl.htm
https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_74/apis/xsyckphr.htm

gmollineau

ASKER

Not exactly what i was looking for but helpful in a way.

ASKER CERTIFIED SOLUTION

Gary Patterson, CISSP

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

gmollineau

ASKER

Thanks

This is helpful in guiding me to put something in place.

Gerald