Disabled user profiles

 

iSeries™ NetServer™ uses i5/OS® user profiles and passwords to allow network administrators to control how users can access data. In addition, the QMAXSIGN system value specifies how many unauthorized sign-on attempts disable the user profile for iSeries NetServer use.

A user profile becomes disabled when the user tries to access iSeries NetServer a specified number of times with an incorrect password. A user profile cannot become completely disabled when connecting to a system with iSeries NetServer. If a user exceeds the maximum number of sign-on attempts, the user profile becomes disabled for iSeries NetServer use only. Other types of access, such as a system sign-on, are not prevented.

iSeries NetServer uses the last-changed date in i5/OS user profiles to determine whether they have changed since becoming disabled. If the last-changed date is newer than the date of becoming disabled, the user profile becomes enabled again for use with iSeries NetServer.

Notes:

  1. The QSYSOPR message queue displays the CPIB682 error message, which indicates when an i5/OS user profile was disabled for use with iSeries NetServer.

  2. Some clients will try a name and password several times without the user being aware of it. For example, if the user's desktop password does not match the i5/OS user profile password, the client can try to access iSeries NetServer several times before displaying the Network Password window. When the correct password is supplied, the user profile might already be disabled for iSeries NetServer use on the system. If you encounter this situation, the maximum sign-on attempts allowed system value, QMAXSIGN, can be increased to accommodate multiple client authentication attempts. You can use the Work with System Values command WRKSYSVAL SYSVAL (QMAXSIGN) to change the maximum sign-on times.

 

Parent topic:

Administering iSeries NetServer