Password considerations

  1. Make sure that the i5/OS™ QRETSVRSEC system is set to 1. You can do this with the Work with System Values (WRKSYSVAL) command. If you do not do this, you will be unable to enroll users on your integrated Windows server until they sign on to i5/OS.

    This system value is also required for iSCSI integrated server support.

  2. The user should use i5/OS passwords containing only characters and password lengths allowed in Windows passwords if they want to enroll users. The password level of i5/OS can be set to allow for user profile passwords of 1 - 10 characters or to allow for user profile passwords of 1 - 128 characters. An i5/OS password level change of the system value QPWDLVL requires an IPL.

  3. The i5/OS password level of 0 or 1 supports passwords of 1 - 10 characters and limits the set of characters. At password level 0 or 1, i5/OS converts passwords to all lowercase for Windows.

  4. The i5/OS password level of 2 or 3 supports passwords of 1 - 128 characters and allows more characters including uppercase and lowercase characters. At level 2 or 3, i5/OS preserves password case sensitivity for Windows.

  5. When the i5/OS passwords of enrolled users expire, their Windows passwords also expire. Users can change their passwords on Windows, but they must remember to also change their passwords on i5/OS. Changing the i5/OS password first automatically changes the Windows password.

  6. If the i5/OS system value QSECURITY is 10, the Windows users that are created do not require passwords to sign-on. All other i5/OS QSECURITY levels require that a user object have a password to sign-on. You can find more information about security levels in the iSeries™ Security Reference .

  7. If you are using a language other than English, be aware that using anything but invariant characters in user profiles and passwords can cause unpredictable results. The Globalization topic contains information about what characters are in the invariant character set. This statement is only true when QPWDLVL is 0 or 1. When QPWDLVL is 2 or 3, invariant characters can be used without causing any problems.