ANZDFTPWD (Analyze Default Passwords)

ANZDFTPWD Command syntax diagram

 

Purpose

The Analyze Default Passwords (ANZDFTPWD) command allows you to print a report of all the user profiles on the system that have a default password and to take an action against the profiles. A profile has a default password when the profile's password matches the user profile name.

When the system is operating at password level 2 or 3, both the uppercase and lowercase values of the user profile name are checked. However, mixed case values of the user profile name will not be checked. For example, if the user profile JAMES has a password of 'JAMES' or 'james' it will be detected as having a default password; but passwords of 'JaMeS' or 'James' will not be detected as default passwords.

Restriction: You must have *ALLOBJ and *SECADM special authorities to use this command.

 

Optional Parameters

ACTION

Specifies the action to be taken against the user profiles that have a default password. Multiple actions may be specified, except for *NONE.

*NONE: No action is taken against profiles with a default password.

*DISABLE: The 'Status' field in the user profile is set to *DISABLED.

*PWDEXP: The 'Set password to expired' field in the user profile is set to *YES.

Example for ANZDFTPWD

ANZDFTPWD   ACTION(*DISABLE *PWDEXP)

Any user profiles on the system that have a default password will be disabled and their passwords will be set to expired.

Error messages for ANZDFTPWD

*ESCAPE Messages

CPFB301

Cannot open file &2 in library &3.

CPFB302

Not authorized to check for default passwords.