The company I work for fired the MIS director, and he was the only one who knew the password for QSECOFR. In case you ever find yourself in that situation, here's how to solve the problem.
1. Manually IPL the system.
2. Take option 3 to access the dedicated service tools (DST).
3. When prompted for the DST password, key in QSECOFR.
4. From the DST menu, take option 5 to work with the DST environment.
5. Take option 9 to change DST passwords.
6. Take option 4 to reset system default passwords.
7. QSECOFR will now have a password of QSECOFR.
- Tony Cassella
Editors note: Because of the security implications of this technique, we asked our security expert, Wayne O. Evans, to contribute his thoughts on the subject. The following is his response.
DST can be used to recover the password of QSECOFR if it is lost, but this can also be a potential method for a hacker to gain control of your AS/400. One of the hacker magazines described this procedure in detail as a means to get the password of the security officer. There are some important steps that should be followed to protect your AS/400:
1. Ensure the physical security of the computer system. Do not allow unauthorized persons to have access to the computer. You can also restrict those authorized but curious individuals by controlling access to the system key and DST passwords.
2. Remove the key from the system unit. Put it in a secure location. This does not mean hide the key somewhere on the system. Hackers know enough to look for keys in common hiding places.
3. DST is protected by passwords that should be changed. The DST passwords can be changed as follows while your system is active without requiring an IPL.
a. Put the key in the system unit and set the system to MANUAL.
b. Change the system indicators to 21 and press Enter.
c. The DST sign-on screen will appear on the system console. Enter the default password QSECOFR and press Enter.
d. Select option 5 to work with DST environment.
e. Select option 9 to change the DST passwords.
f. Select option 3 to change the DST password for the DST Security officer. Enter the old and new passwords. I recommend writting the password down and putting it with the key.
g. While you are here, also change the other two passwords for DST:
Option 1 Basic DST-Default password 11111111
Option 2 Full DST-Default password 22222222
h. Option 4 from this screen recovers the password of the security officer. If you choose option 4, the password of the QSECOFR password will be reset to QSECOFR.
- Wayne O. Evans
Business users want new applications now. Market and regulatory pressures require faster application updates and delivery into production. Your IBM i developers may be approaching retirement, and you see no sure way to fill their positions with experienced developers. In addition, you may be caught between maintaining your existing applications and the uncertainty of moving to something new.
IT managers hoping to find new IBM i talent are discovering that the pool of experienced RPG programmers and operators or administrators with intimate knowledge of the operating system and the applications that run on it is small. This begs the question: How will you manage the platform that supports such a big part of your business? This guide offers strategies and software suggestions to help you plan IT staffing and resources and smooth the transition after your AS/400 talent retires. Read on to learn:
LATEST COMMENTS
MC Press Online