Post-Install Optimizations: Difference between revisions
(New) |
Tag: Undo |
||
(21 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
OS/400 provides a lot of default values for variables (affecting the run-time environment) and program options. Some of these make sense, some of them are kept consistent with earlier versions of the OS because of compatibility reasons. | OS/400 provides a lot of default values for variables (affecting the run-time environment) and program options. Some of these make sense, some of them are kept consistent with earlier versions of the OS because of compatibility reasons by IBM. | ||
Some of these recommendations might not be appropriate for you by various reasons. Don't apply blindly. | Some of these recommendations might not be appropriate for you by various reasons. Don't apply blindly. Know what you do, use the online help to retrieve background information on the topic in question. | ||
The findings below are based on V4R5 with annotated exceptions for newer releases. | |||
== Housekeeping == | == Housekeeping == | ||
Line 8: | Line 10: | ||
=== Change unneeded programs to not run === | === Change unneeded programs to not run === | ||
We most likely don't need to run ''lpd'' and ''smtpd'' to run per default. | We most likely don't need to run ''lpd'' and ''smtpd'' to run per default. | ||
CHGLPDA AUTOSTART(*NO) | CHGLPDA AUTOSTART(*NO) | ||
CHGSMTPA AUTOSTART(*NO) | CHGSMTPA AUTOSTART(*NO) | ||
You can easily check all settings at once by using <code>STRDFU OPTION(5)</code> on the file | You can easily check all settings at once by using <code>STRDFU OPTION(5)</code> on the file ''QUSRSYS/QATOCSTART''. These are not needed in general. Depending on OS version, not all entries may be available. | ||
* *DIRSRV | * *DIRSRV | ||
* *NETSVR | * *NETSVR | ||
* *SLP | * *SLP | ||
=== Change uninstalled programs to not run === | |||
If you did not install the Ultimedia package, you can remove the pre started job from the QSYSWRK subsystem description to make it not generate an error message at IPL time. | |||
RMVPJE SBSD(QSYSWRK) PGM(QUMEDIA/QUMBPJTC) | |||
If you did not install the Directory Services package (aka LDAP), you can remove the auto started jobs from the QSYSWRK subsystem description to make them not generate an error message at IPL time. | |||
RMVAJE SBSD(QSYSWRK) JOB(QGLDPUBA) | |||
RMVAJE SBSD(QSYSWRK) JOB(QGLDPUBE) | |||
Both is valid and tested for V4R5. | |||
=== Cleanup unneeded stuff === | === Cleanup unneeded stuff === | ||
Line 42: | Line 54: | ||
* Change work environment to separate subsystems for different kind of jobs. | * Change work environment to separate subsystems for different kind of jobs. | ||
CHGSYSVAL SYSVAL(QCTLSBSD) VALUE('QCTL QSYS') | CHGSYSVAL SYSVAL(QCTLSBSD) VALUE('QCTL QSYS') | ||
* Set automatic DST adjustment, and UTC offset. This value is valid for Central Europe (Berlin, Paris, …). | * Set automatic DST adjustment, and UTC offset. This value is valid for Central Europe (Berlin, Paris, …) and not available in V4R5. | ||
CHGSYSVAL SYSVAL(QTIMZON) VALUE('QP0100CET2') | CHGSYSVAL SYSVAL(QTIMZON) VALUE('QP0100CET2') | ||
* Lessen time to automatically end | * Lessen time to automatically end disconnected interactive jobs (sessions). | ||
CHGSYSVAL SYSVAL(QDSCJOBITV) VALUE('60') | CHGSYSVAL SYSVAL(QDSCJOBITV) VALUE('60') | ||
=== (Memory) Allocation === | === (Memory) Allocation === | ||
* Adjust automatic performance values only at runtime, not at IPL. | * Adjust automatic performance values only at runtime, not at IPL.<ref>If you change the mount of memory for the machine, could be wise to adjust the value to '1', make the memory change and then change the value back to '3'.</ref> | ||
CHGSYSVAL SYSVAL(QPFRADJ) VALUE('3') | CHGSYSVAL SYSVAL(QPFRADJ) VALUE('3') | ||
* Make sure, database tasks can use system resources as needed. | * Make sure, database tasks can use system resources as needed. | ||
Line 54: | Line 66: | ||
* Match jobs running in total with reservations at IPL time. See <code>WRKACTJOB</code> and set to slightly more than the ''Active Jobs'' value to be seen there. | * Match jobs running in total with reservations at IPL time. See <code>WRKACTJOB</code> and set to slightly more than the ''Active Jobs'' value to be seen there. | ||
CHGSYSVAL SYSVAL(QTOTJOB) VALUE(80) | CHGSYSVAL SYSVAL(QTOTJOB) VALUE(80) | ||
* Allow memory pools to self adjust depending on jobs running. | * Allow memory pools to self adjust depending on jobs running. You can adjust the maximum active jobs per pool in the <code>WRKSHRPOOL</code> display.<ref>Press <code>F21</code> to switch to view 2 or 3 to have adjustment possibilities.</ref> | ||
CHGSHRPOOL POOL(*BASE) PAGING(*CALC) | CHGSHRPOOL POOL(*BASE) PAGING(*CALC) | ||
CHGSHRPOOL POOL(*INTERACT) PAGING(*CALC) | CHGSHRPOOL POOL(*INTERACT) PAGING(*CALC) | ||
CHGSHRPOOL POOL(*SPOOL) PAGING(*CALC) | CHGSHRPOOL POOL(*SPOOL) PAGING(*CALC) | ||
* Maximize TCP buffers for maximum performance, especially on faster links. | |||
CHGTCPA TCPRCVBUF(8388608) TCPSNDBUF(8388608) | |||
=== Message-and-Logging === | === Message-and-Logging === | ||
Line 64: | Line 78: | ||
* Do not log software errors. We can't do much about these anyway, seen from a hobbyist viewpoint. | * Do not log software errors. We can't do much about these anyway, seen from a hobbyist viewpoint. | ||
CHGSYSVAL SYSVAL(QSFWERRLOG) VALUE(*NOLOG) | CHGSYSVAL SYSVAL(QSFWERRLOG) VALUE(*NOLOG) | ||
* Maximize Central Syslog (viewable with <code>DSPLOG</code> size | * Maximize Central Syslog (viewable with <code>DSPLOG</code> size to lessen rotation frequency. Depending on OS version only ''VALUE(32767)'' may be valid. | ||
CHGSYSVAL SYSVAL(QHSTLOGSIZ) VALUE(*DAILY) | CHGSYSVAL SYSVAL(QHSTLOGSIZ) VALUE(*DAILY) | ||
* Raise allowed unsuccessful sign on tries before taking action. | * Raise allowed unsuccessful sign on tries before taking action. | ||
Line 76: | Line 90: | ||
* Allow restore with all security relevant flags. | * Allow restore with all security relevant flags. | ||
CHGSYSVAL SYSVAL(QALWOBJRST) VALUE(*ALL) | CHGSYSVAL SYSVAL(QALWOBJRST) VALUE(*ALL) | ||
* For TCP connections to work, we need encrypted passwords. | |||
CHGDDMTCPA PWDRQD(*ENCRYPTED) | |||
* Allow ''QSYSOPR'' signon to all devices. | * Allow ''QSYSOPR'' signon to all devices. | ||
CHGSYSVAL SYSVAL(QLMTSECOFR) VALUE('0') | CHGSYSVAL SYSVAL(QLMTSECOFR) VALUE('0') | ||
Line 89: | Line 105: | ||
CHGSYSVAL SYSVAL(QCURSYM) VALUE('€') | CHGSYSVAL SYSVAL(QCURSYM) VALUE('€') | ||
CHGSYSVAL SYSVAL(QDECFMT) VALUE('J') | CHGSYSVAL SYSVAL(QDECFMT) VALUE('J') | ||
CHGSYSVAL SYSVAL(QSRTSEQ) VALUE(*LANGIDUNQ) | CHGSYSVAL SYSVAL(QSRTSEQ) VALUE(*LANGIDUNQ)<ref>This value isn't available with V4R5. You can use ''*LANGIDSHR'' there.</ref> | ||
* Allow background compiling in PDM. | * Allow background compiling in PDM as ordinary user, and submitting batch jobs in general. | ||
GRTOBJAUT OBJ(QGPL/QBATCH) OBJTYPE(*JOBD) USER(*PUBLIC) AUT(*USE) | GRTOBJAUT OBJ(QGPL/QBATCH) OBJTYPE(*JOBD) USER(*PUBLIC) AUT(*USE) | ||
* Tweaking automatic cleanup (like ''logrotate'') | * Tweaking automatic cleanup (like ''logrotate''). | ||
CHGCLNUP ALWCLNUP(*YES) STRTIME('02:22:22') USRMSG(7) SYSMSG(3) SYSPRT(7) SYSLOG(14) CALITM(*KEEP) | CHGCLNUP ALWCLNUP(*YES) STRTIME('02:22:22') USRMSG(7) SYSMSG(3) SYSPRT(7) SYSLOG(14) CALITM(*KEEP) | ||
* Change general SNA networking attributes. | * Change general SNA networking attributes. This is one '''long''' line. Take care to get it completely. | ||
CHGNETA ALRSTS(*ON) ALRLOGSTS(*LOCAL) ALRPRIFP(*NO) ALRDFTFP(*NO) ALRBCKFP(*NONE) ALRRQSFP(*NONE) ALRCTLD(*NONE) ALRHLDCNT(0) ALRFTR(*NONE) JOBACN(*SEARCH) VRTAUTODEV(254) MDMCNTRYID(DE) | CHGNETA ALRSTS(*ON) ALRLOGSTS(*LOCAL) ALRPRIFP(*NO) ALRDFTFP(*NO) ALRBCKFP(*NONE) ALRRQSFP(*NONE) ALRCTLD(*NONE) ALRHLDCNT(0) ALRFTR(*NONE) JOBACN(*SEARCH) VRTAUTODEV(254) MDMCNTRYID(DE) | ||
In addition, OS/400 has a default value of 65535 for <code>QCCSID</code>. It should be set to a value being dependent on the installed language, to enable automatic translation of data on disk to the display device, and back. For Germany, the correct value is 273, and for US, it's 37. A good hint is to check your 5250 emulator program for possible values. | |||
== IPL Customization == | == IPL Customization == | ||
Line 113: | Line 131: | ||
== Regular Cleanup jobs == | == Regular Cleanup jobs == | ||
See job comment TEXT for details. | See job comment TEXT for details. These are '''long''' lines. Take care to get it completely. | ||
ADDJOBSCDE JOB(PRGPRB) CMD(DLTPRB STATUS(*CLOSED)) FRQ(*WEEKLY) SCDDATE(*NONE) SCDDAY(*ALL) SCDTIME('13:22:00') MSGQ(*LIBL/QSYSOPR) TEXT('Purge closed and deletable problem entries') | ADDJOBSCDE JOB(PRGPRB) CMD(DLTPRB STATUS(*CLOSED)) FRQ(*WEEKLY) SCDDATE(*NONE) SCDDAY(*ALL) SCDTIME('13:22:00') MSGQ(*LIBL/QSYSOPR) TEXT('Purge closed and deletable problem entries') | ||
ADDJOBSCDE JOB(RCLTMPSTG) CMD(RCLTMPSTG DAYS(30)) FRQ(*MONTHLY) SCDDATE(*MONTHSTR) SCDDAY(*NONE) SCDTIME('13:24:00') MSGQ(*LIBL/QSYSOPR) TEXT('Reclaim temporary storage') | ADDJOBSCDE JOB(RCLTMPSTG) CMD(RCLTMPSTG DAYS(30)) FRQ(*MONTHLY) SCDDATE(*MONTHSTR) SCDDAY(*NONE) SCDTIME('13:24:00') MSGQ(*LIBL/QSYSOPR) TEXT('Reclaim temporary storage') | ||
ADDJOBSCDE JOB(RTVDSKINF) CMD(RTVDSKINF) FRQ(*MONTHLY) SCDDATE(*MONTHSTR) SCDDAY(*NONE) SCDTIME('13:34:00') MSGQ(*LIBL/QSYSOPR) TEXT('Retrieve disk space stats') | ADDJOBSCDE JOB(RTVDSKINF) CMD(RTVDSKINF) FRQ(*MONTHLY) SCDDATE(*MONTHSTR) SCDDAY(*NONE) SCDTIME('13:34:00') MSGQ(*LIBL/QSYSOPR) TEXT('Retrieve disk space stats') | ||
ADDJOBSCDE JOB(QPGMRCLR) CMD(CLRMSGQ MSGQ(QPGMR) CLEAR(*KEEPUNANS)) FRQ(*WEEKLY) SCDDATE(*NONE) SCDDAY(*ALL) SCDTIME('07:07:07') RCYACN(*NOSBM) MSGQ(*NONE) TEXT('Delete uninteresting messages') | ADDJOBSCDE JOB(QPGMRCLR) CMD(CLRMSGQ MSGQ(QPGMR) CLEAR(*KEEPUNANS)) FRQ(*WEEKLY) SCDDATE(*NONE) SCDDAY(*ALL) SCDTIME('07:07:07') RCYACN(*NOSBM) MSGQ(*NONE) TEXT('Delete uninteresting messages') | ||
== Additional Steps for at least V7R2 and probably newer == | |||
After trying to enter SST, one gets the message that the password has expired. But the password cannot be changed. Re-IPL in manual mode, or force DST display via control panel. | |||
* Choose ''5. Work with DST environment'' and ''3. Service tools user IDs''. | |||
** Disable the "backdoor" profile ''11111111'', | |||
** ''Change password'' for ''QSECOFR'', ''Set password to expired'' to ''2=No''. | |||
* Press F12 and choose ''5. Work with DST environment'' and ''6. Service tools security data''. | |||
** Enter 0 into the field ''8. Password expiration interval in days'', 8 into the ''Selection'' field, and press return. | |||
** Enter a high number (like 12) into the field ''9. Maximum sign-on attempts allowed'', 9 into the ''Selection'' field, and press return. | |||
** Enter 0 into the field ''10. Duplicate password control'', 10 into the ''Selection'' field, and press return. | |||
Now exit DST. | |||
You may choose to enter SST, enter 7 for ''Work with system security'', and set ''Allow a service tools user ID with a default and expired password to change its own password'' to ''1=Yes''. Since we changed password expiry to ''never'', this step is entirely optional. | |||
== See also == | |||
* [[Change Command Defaults for File-Commands]] | |||
* [[How to properly shut down your AS/400]] | |||
== Footnotes == | |||
<references /> | |||
[[Category: System Administration]] | [[Category: System Administration]] |
Revision as of 21:45, 26 November 2021
OS/400 provides a lot of default values for variables (affecting the run-time environment) and program options. Some of these make sense, some of them are kept consistent with earlier versions of the OS because of compatibility reasons by IBM.
Some of these recommendations might not be appropriate for you by various reasons. Don't apply blindly. Know what you do, use the online help to retrieve background information on the topic in question.
The findings below are based on V4R5 with annotated exceptions for newer releases.
Housekeeping
These are settings and scheduled jobs to keep your system uncluttered.
Change unneeded programs to not run
We most likely don't need to run lpd and smtpd to run per default.
CHGLPDA AUTOSTART(*NO) CHGSMTPA AUTOSTART(*NO)
You can easily check all settings at once by using STRDFU OPTION(5)
on the file QUSRSYS/QATOCSTART. These are not needed in general. Depending on OS version, not all entries may be available.
- *DIRSRV
- *NETSVR
- *SLP
Change uninstalled programs to not run
If you did not install the Ultimedia package, you can remove the pre started job from the QSYSWRK subsystem description to make it not generate an error message at IPL time.
RMVPJE SBSD(QSYSWRK) PGM(QUMEDIA/QUMBPJTC)
If you did not install the Directory Services package (aka LDAP), you can remove the auto started jobs from the QSYSWRK subsystem description to make them not generate an error message at IPL time.
RMVAJE SBSD(QSYSWRK) JOB(QGLDPUBA) RMVAJE SBSD(QSYSWRK) JOB(QGLDPUBE)
Both is valid and tested for V4R5.
Cleanup unneeded stuff
These objects come by default at OS install time, are not needed to my knowledge, and thus can be safely deleted:
DLTOUTQ OUTQ(QDKT) DLTOUTQ OUTQ(QPFROUTQ) DLTOUTQ OUTQ(QPRINTS) DLTF FILE(QPRINTS) DLTOUTQ OUTQ(QPRINT2) DLTF FILE(QPRINT2) DLTOUTQ OUTQ(QTPPPOUTQ) DLTDEVD DEVD(QESPAP) DLTDEVD DEVD(QIADSP) DLTDEVD DEVD(QIAPRT) DLTDEVD DEVD(QQAHOST) DLTDEVD DEVD(QTIDA) DLTDEVD DEVD(QTIDA2) DLTCTLD CTLD(QESCTL) DLTCTLD CTLD(QTICTL) DLTLIND LIND(QESLINE) DLTLIND LIND(QTILINE)
System Values
System values are like environment variables as known from common operating systems. They influence system operation. I recommend the following changes.
System Control
- Change work environment to separate subsystems for different kind of jobs.
CHGSYSVAL SYSVAL(QCTLSBSD) VALUE('QCTL QSYS')
- Set automatic DST adjustment, and UTC offset. This value is valid for Central Europe (Berlin, Paris, …) and not available in V4R5.
CHGSYSVAL SYSVAL(QTIMZON) VALUE('QP0100CET2')
- Lessen time to automatically end disconnected interactive jobs (sessions).
CHGSYSVAL SYSVAL(QDSCJOBITV) VALUE('60')
(Memory) Allocation
- Adjust automatic performance values only at runtime, not at IPL.[1]
CHGSYSVAL SYSVAL(QPFRADJ) VALUE('3')
- Make sure, database tasks can use system resources as needed.
CHGSYSVAL SYSVAL(QQRYDEGREE) VALUE(*OPTIMIZE)
- Match jobs running in total with reservations at IPL time. See
WRKACTJOB
and set to slightly more than the Active Jobs value to be seen there.
CHGSYSVAL SYSVAL(QTOTJOB) VALUE(80)
- Allow memory pools to self adjust depending on jobs running. You can adjust the maximum active jobs per pool in the
WRKSHRPOOL
display.[2]
CHGSHRPOOL POOL(*BASE) PAGING(*CALC) CHGSHRPOOL POOL(*INTERACT) PAGING(*CALC) CHGSHRPOOL POOL(*SPOOL) PAGING(*CALC)
- Maximize TCP buffers for maximum performance, especially on faster links.
CHGTCPA TCPRCVBUF(8388608) TCPSNDBUF(8388608)
Message-and-Logging
- Allow immediate deletion of problem reports.
CHGSYSVAL SYSVAL(QPRBHLDITV) VALUE(0)
- Do not log software errors. We can't do much about these anyway, seen from a hobbyist viewpoint.
CHGSYSVAL SYSVAL(QSFWERRLOG) VALUE(*NOLOG)
- Maximize Central Syslog (viewable with
DSPLOG
size to lessen rotation frequency. Depending on OS version only VALUE(32767) may be valid.
CHGSYSVAL SYSVAL(QHSTLOGSIZ) VALUE(*DAILY)
- Raise allowed unsuccessful sign on tries before taking action.
CHGSYSVAL SYSVAL(QMAXSIGN) VALUE('15')
- Minimize logging for sessions disconnected beause of device errors.
CHGSYSVAL SYSVAL(QDEVRCYACN) VALUE(*ENDJOBNOLIST)
Security System Values
- Unrestrict automatic creation of system objects triggered by external (network) requests.
CHGSYSVAL SYSVAL(QAUTOVRT) VALUE(*NOMAX)
- Allow restore with all security relevant flags.
CHGSYSVAL SYSVAL(QALWOBJRST) VALUE(*ALL)
- For TCP connections to work, we need encrypted passwords.
CHGDDMTCPA PWDRQD(*ENCRYPTED)
- Allow QSYSOPR signon to all devices.
CHGSYSVAL SYSVAL(QLMTSECOFR) VALUE('0')
- Raise maximum password length to maximum value.[3]
CHGSYSVAL SYSVAL(QPWDMAXLEN) VALUE(10)
- Raise minimum passsword length for security reasons.
CHGSYSVAL SYSVAL(QPWDMINLEN) VALUE(8)
Misc
- PTF install shall be done on unattended IPL time.
CHGSRVA PTFINSTYP(*DLYALL)
- Provide European style formatting.
CHGSYSVAL SYSVAL(QCURSYM) VALUE('€') CHGSYSVAL SYSVAL(QDECFMT) VALUE('J') CHGSYSVAL SYSVAL(QSRTSEQ) VALUE(*LANGIDUNQ)[4]
- Allow background compiling in PDM as ordinary user, and submitting batch jobs in general.
GRTOBJAUT OBJ(QGPL/QBATCH) OBJTYPE(*JOBD) USER(*PUBLIC) AUT(*USE)
- Tweaking automatic cleanup (like logrotate).
CHGCLNUP ALWCLNUP(*YES) STRTIME('02:22:22') USRMSG(7) SYSMSG(3) SYSPRT(7) SYSLOG(14) CALITM(*KEEP)
- Change general SNA networking attributes. This is one long line. Take care to get it completely.
CHGNETA ALRSTS(*ON) ALRLOGSTS(*LOCAL) ALRPRIFP(*NO) ALRDFTFP(*NO) ALRBCKFP(*NONE) ALRRQSFP(*NONE) ALRCTLD(*NONE) ALRHLDCNT(0) ALRFTR(*NONE) JOBACN(*SEARCH) VRTAUTODEV(254) MDMCNTRYID(DE)
In addition, OS/400 has a default value of 65535 for QCCSID
. It should be set to a value being dependent on the installed language, to enable automatic translation of data on disk to the display device, and back. For Germany, the correct value is 273, and for US, it's 37. A good hint is to check your 5250 emulator program for possible values.
IPL Customization
With this procedure, the current startup program for the OS can be retrieved for easy customization.
RTVCLSRC PGM(QSTRUP) SRCFILE(QCLSRC) WRKMBRPDM FILE(QCLSRC) MBR(QSTRUP) MBRTYPE(CLP) CRTCLPGM PGM(QSYS/QSTRUP)
Change Program Defaults
- File creation and change defaults.
CHGCMDDFT CMD(CRTPF) NEWDFT('SIZE(*NOMAX *N *N) WAITFILE(*IMMED) WAITRCD(*IMMED) REUSEDLT(*YES)') CHGCMDDFT CMD(CHGPF) NEWDFT('DLTDEPLF(*YES) SIZE(*NOMAX *N *N) WAITFILE(*IMMED) WAITRCD(*IMMED) REUSEDLT(*YES)') CHGCMDDFT CMD(CRTLF) NEWDFT('WAITFILE(*IMMED) WAITRCD(*IMMED)') CHGCMDDFT CMD(CHGLF) NEWDFT('WAITFILE(*IMMED) WAITRCD(*IMMED)')
- No unnecessary wait for power down.
CONFIRM(*NO)
can be added for newer releases to suppress prompting.
CHGCMDDFT CMD(PWRDWNSYS) NEWDFT('OPTION(*IMMED) ENDSBSOPT(*NOJOBLOG)')
Regular Cleanup jobs
See job comment TEXT for details. These are long lines. Take care to get it completely.
ADDJOBSCDE JOB(PRGPRB) CMD(DLTPRB STATUS(*CLOSED)) FRQ(*WEEKLY) SCDDATE(*NONE) SCDDAY(*ALL) SCDTIME('13:22:00') MSGQ(*LIBL/QSYSOPR) TEXT('Purge closed and deletable problem entries') ADDJOBSCDE JOB(RCLTMPSTG) CMD(RCLTMPSTG DAYS(30)) FRQ(*MONTHLY) SCDDATE(*MONTHSTR) SCDDAY(*NONE) SCDTIME('13:24:00') MSGQ(*LIBL/QSYSOPR) TEXT('Reclaim temporary storage') ADDJOBSCDE JOB(RTVDSKINF) CMD(RTVDSKINF) FRQ(*MONTHLY) SCDDATE(*MONTHSTR) SCDDAY(*NONE) SCDTIME('13:34:00') MSGQ(*LIBL/QSYSOPR) TEXT('Retrieve disk space stats') ADDJOBSCDE JOB(QPGMRCLR) CMD(CLRMSGQ MSGQ(QPGMR) CLEAR(*KEEPUNANS)) FRQ(*WEEKLY) SCDDATE(*NONE) SCDDAY(*ALL) SCDTIME('07:07:07') RCYACN(*NOSBM) MSGQ(*NONE) TEXT('Delete uninteresting messages')
Additional Steps for at least V7R2 and probably newer
After trying to enter SST, one gets the message that the password has expired. But the password cannot be changed. Re-IPL in manual mode, or force DST display via control panel.
- Choose 5. Work with DST environment and 3. Service tools user IDs.
- Disable the "backdoor" profile 11111111,
- Change password for QSECOFR, Set password to expired to 2=No.
- Press F12 and choose 5. Work with DST environment and 6. Service tools security data.
- Enter 0 into the field 8. Password expiration interval in days, 8 into the Selection field, and press return.
- Enter a high number (like 12) into the field 9. Maximum sign-on attempts allowed, 9 into the Selection field, and press return.
- Enter 0 into the field 10. Duplicate password control, 10 into the Selection field, and press return.
Now exit DST.
You may choose to enter SST, enter 7 for Work with system security, and set Allow a service tools user ID with a default and expired password to change its own password to 1=Yes. Since we changed password expiry to never, this step is entirely optional.
See also
Footnotes
- ↑ If you change the mount of memory for the machine, could be wise to adjust the value to '1', make the memory change and then change the value back to '3'.
- ↑ Press
F21
to switch to view 2 or 3 to have adjustment possibilities. - ↑ In newer OS versions, an additional variable QPWDLVL allows even longer passwords.
- ↑ This value isn't available with V4R5. You can use *LANGIDSHR there.