04f - Security

Security pills: Check User with the default password

Last Updated on 29 July 2022 by Roberto De Pedrini

I welcome Steve Pitcher‘s suggestion from this Linkedin Post: a simple SQL statement to get the list of users with default passwords who haven’t been SIGNON for some time:

select * from qsys2.user_info where user_default_password = 'YES' and previous_signon <current date - 60 days and status = '* ENABLED';

Of course, we can also check all users with default passwords and not limit ourselves to those who have not logged in for 60 days.

The advice is to disable these users or to set a non-default password with CHGUSRPRF.

Have you found any? I do … more than one!

--- Roberto De Pedrini Faq400.com
About author

Founder of Faq400 Srl, IBM Champion, creator of Faq400.com and blog.faq400.com web sites. RPG developer since I was wearing shorts, strong IBM i supporter, I have always tried to share my knowledge with others through forums, events and courses. Now, with my company Faq400 Srl, I help companies to make the most of this great platform IBM i.

Leave a Reply

%d bloggers like this: