IBM i 7.2
IBM i 7.2
43 IBM i 7.2 ( 5770-SS1) RISC CISC IBM IBM i Version 7.2 Security Service Tools 1 2014.4 Copyright IBM Corporation 2003, 2013.
.............. 1 IBM i 7.2............ 1 PDF......... 1............. 2............ 2........ 3.......... 3 ID......... 4 ID................. 5............. 7......... 7 DST.. 8 SST.. 9 IBM Navigator for i............. 9....... 10 DST.... 10 DST.............. 11 SST.............. 11 IBM i... 12 13 ID...... 14 ID.......... 14 DST SST ID.......... 15 ID............ 15 DST ID............ 16 SST ID............. 20 ID............... 24 DST ID....... 24 SST ID........ 25 QSYCHGDS API ID.. 26 QSECOFR............... 26 QSECOFR......... 27 QSECOFR ID........ 27... 28.... 28.... 28 SST ID... 29 ID........ 29 DST SST ID............. 30 DST ID.............. 30 SST ID.............. 32 ID 35 DST ID........ 35 SST ID......... 35 QCONSOLE..... 36 ID......... 37.38 SST.......... 38....... 38..... 39....... 39 ID........... 40....... 41 DST.. 41............ 41........... 42.............. 43..... 45................. 45............... 45 Copyright IBM Corp. 2003, 2013 iii
iv IBM i:
5xx 8xx (DST) (SST) DST SST IBM Navigator for i ID ID DST DST ID ID IBM i 7.2 v v v PDF ( ) PDF PDF PDF PDF PDF 1. PDF 2. PDF 3. PDF 4. Copyright IBM Corp. 2003, 2013 1
Adobe Reader PDF Adobe Reader Adobe Reader Adobe Web (www.adobe.com/products/acrobat/readstep.html) : 42 Information Center PDF ID (DST) (SST) ( ) PC TCP/IP DST SST IBM Navigator for i () ID ID : 38 180 (DST) (SST) DST SST v v v v (LPAR) ( ) v v ID v v (2 LAN LAN ) 2 IBM i:
1. (Select consol) 2. LAN 2 LAN v v : (DST) (SST) 1 : 13 PC / (TCP/IP) GUI DST IBM Navigator for i : 1. IBM Navigator for i 2. (LAN) : 9 IBM Navigator for i IBM i IBM Navigator for i : 10 (DST) : 3
ID ID (DST) (SST) IBM Navigator for i () ID ID DST SST IBM i ID IBM v QSECOFR v QSRV v 22222222 v 11111111 ID QSECOFR QSRV 22222222 IBM 4 ID 100 ID IBM ID IBM ID 11111111 : QSECOFR QSECOFR ID QSECOFR QSECOFR ID ID QSECOFR QSECOFR ID ID IBM ID ID (DST) (SST) : ID ID ID ID ID ID ID ID 4 IBM i:
v v ID IBM ID QSECOFR IBM ID ID QSECOFR DST SST ID DST SST : 41 (DST) IBM i : ID ID Data Encryption Standard (DES) Secure Hash Algorithm (SHA) 7 (DST) (SST) IBM Navigator for i : ID ID Data Encryption Standard (DES) Secure Hash Algorithm (SHA) : ID ID QSECOFR QSECOFR ID ID QSECOFR ID ID ID IBM i ID DES System i V5R1 DES 5
SHA SHA DES SHA V5R1 ( ) SHA DES DES ID v ID 10 v 8 ID 1 6 v ID 180 IBM ID ID 11111111 ID v DES v ( ) SHA SHA ID v ID 10 v 128 ID 1 6 v ID 180 (DST) 8( ()) (SST) *NOMAX 0 999 1. SST 2. ID 3. 4. () Enter v ( ) SHA SST DST SST 1. ID 6 IBM i:
2. 5 Enter Enter PWLVL 2 DST 1. ID DST (DST) 2. 5 DST Enter DST 3. 6Enter 4. 6 (Change password level) Enter Enter PWLVL 2 : 8 DST (IPL) (DST) ID (DST) (SST) IBM Navigator for i SST SST DST ID DST SST DST SST IPL 21 DST QSECOFR v v v SST (STRSST) CL (*SERVICE) SST SST 7
DST SST ID ID DST (IPL) (DST) DST ID DST 21 (IPL) DST DST DST 1. 2. 21 Enter DST 3. ID DST (DST) 4. Enter v 5 (DST ) ID v 7() DST v IPL DST (IPL) DST 1. 2. v v (PWRDWNSYS) PWRDWNSYS *IMMED RESTART(*YES) 3. ID DST (DST) 4. Enter v 5 (DST ) ID v 7() DST v 8 IBM i:
SST (SST) SST ID SST IBM i v SST (STRSST) CL v (*SERVICE) SST 1. IBM i STRSST (SST ) 2. v ID: ID v : ID 3. Enter DST SST DST SST IPL 21 QSECOFR DST ID v v v SST (STRSST) CL (*SERVICE) SST SST ID IBM Navigator for i IBM i IBM Navigator for i IBM i IBM Navigator for i IBM i IBM Navigator for i 9
1. IBM Navigator for i 2. 3. ID : 3 PC / (TCP/IP) : IBM Navigator for i (DST) : (LAN) : 3 PC / (TCP/IP) DST (DST) LAN DST DST (LAN) (LAN ) LAN 1. 2. v 8xx LAN (IOP) ( ) v i5/5xx LAN (LAN) 10 IBM i:
LAN (LAN) DST SST 1 : DST : 1. (DST) 5 (DST ) Enter DST 2. ID 4( LAN ) Enter : 3. LAN TCP/IP F1 ( ) 4. F7 () 5. F14 ( ) ID : 15 DST SST ID ID (DST) (SST) : SST : 1. (SST) 8( ID ) 2. ID 4( LAN ) Enter 11
: 3. LAN TCP/IP F1 ( ) 4. F7 () 5. F14 ( ) ID : 15 DST SST ID ID (DST) (SST) IBM i TCP/IP IBM Navigator for i (LAN) 1. ADDSRVTBLE () Enter 2. v : as-sts v : 3000 v : 'tcp' ( ) v : 'Service Tools Server' 3. F10 ( ) 4. AS-STS 5. Enter 6. TCP/IP ENDTCP (TCP/IP ) TCP/IP TCP/IP TCP ENDTCP TCP (STRTCP) (IPL) 7. STRTCP 5250 NETSTAT OPTION(*CNN) 3000 listen as-sts listen IBM Navigator for i 1 1. IBM Navigator for i 12 IBM i:
2. 3. IBM i > (Service) 4. 5. OK ID IBM Navigator for i IBM Navigator for i ID I_BASE_01 v CD v ( ) v (IPL) 1. I_BASE_01 2. DST : ID QSECOFR DST 3. 5 (DST ) 4. 7() 1 5. ID (29xx) Enter 2924 6. 1 Enter 7. (Confirm Select Service Tools Language) Enter DST v DST IBM i v IPL DST IPL 13
: 3 (DST) (SST) 1 ID ID ID QSECOFR : 7 (DST) (SST) IBM Navigator for i ID ID ID IBM i API (*SERVICE) ID ID 1. DST 2. DST QSECOFR ID 3. (DST) 5 (DST ) Enter DST 4. DST 3( ID) Enter 5. ID 9( ) Enter ID (The Link Service Tools User ID) : v QSECOFR ID 9 ID (This Service Tools User ID cannot change the linked User Profile) QSECOFR ID QSECOFR QSECOFR ID v 1 1 ID 1 ID 1 14 IBM i:
ID ID 6. ID v ID: v : ID 7. Enter ID DST SST ID ID (DST) (SST) : 9 SST (SST) : 24 ID ID (DST) (SST) ID (QSYCHGDS) API ID : ID QSECOFR ID IBM ID QSECOFR QSECOFR ID ID ID QSECOFR QSECOFR : ID QSECOFR ID ID QSECOFR ID : 26 QSECOFR QSECOFR QSECOFR ID IBM QSECOFR QSECOFR ID 15
: 24 ID ID (DST) (SST) ID (QSYCHGDS) API DST ID : (DST) ID DST ID : (DST) ID 1. DST 2. ID DST 3. (DST) 5 (DST ) Enter DST 4. DST ID 3( ID) ID 5. ID 1() ID Enter ID : ID 1 10 ID 6. ID v ID : ID v : ID 1 DES (Data Encryption Standard) 8 SHA (Secure Hash Algorithm) 2 128 v : 1 (YES) v : ID ( ) v (Linked user profile name): ID : ID ID 7. ID v ID Enter 16 IBM i:
v F5 ( ) DST ID : 24 DST ID (DST) ID DST ID (DST) ID DST ID : (DST) ID 1. DST 2. ID DST 3. (DST) 5 (DST ) Enter DST 4. DST ID 3( ID) ID 5. ID ID 7( ) v ID 1 () v ID 2 () 6. Enter Enter F3 () F9 () DST ID : (DST) ID 1. DST 2. ID DST (DST) 5 (DST ) Enter DST 3. DST ID 3( ID) ID 4. ID ID 8( ) 5. ID ID 17
DST ID : (DST) ID 1. DST 2. ID DST (DST) 5 (DST ) Enter DST 3. DST ID 3( ID) ID 4. ID ID 4() ID 5. ID F5 ( ) ID ID DSPSSTUSR ID : ID (DSPSSTUSR) ID ID ID ID : (*SECADM) (*AUDIT) 1. DSPSSTUSR USRID (*ALL) ID 2. F17 () F18 () ID 3. 5 () ID ID ID ID 4. (Display linked user profile) F15 () 14 ID F15 ID 11111111 ID DSPSSTUSR USRID(11111111) ID ID DSPSSTUSR USRID(*ALL) OUTPUT(*PRINT) : ID (DSPSSTUSR) 18 IBM i:
DST ID : (DST) ID 1. DST 2. ID DST (DST) 5 (DST ) Enter DST 3. DST ID 3( ID) ID 4. ID ID 5() ID 5. Enter ID DST ID : (DST) ID 1. DST 2. ID DST (DST) 5 (DST ) Enter DST 3. DST ID 3( ID) ID 4. ID ID 6() ID 5. Enter ID DST ID : (DST) ID : IBM ID 1. DST 2. ID DST (DST) 5 (DST ) Enter DST 3. DST ID 3( ID) ID 4. ID ID 3() ID 5. ID v ID Enter 19
v F12 () ID SST ID : (SST) ID : 25 SST ID (SST) ID SST ID : (SST) ID 1. SST 2. ID SST 3. (SST) 8( ID ) 4. ID 1( ID) 5. ID 1() ID Enter ID : ID 1 10 ID 6. ID v ID : ID v : ID 1 DES () 8 SHA ( 2) 128 v (Password is set expired): v : ID ( ) 7. ID v ID Enter v F5 : 25 SST ID (SST) ID 21 SST ID (SST) ID 20 IBM i:
SST ID : (SST) ID 1. SST 2. ID SST (SST) 8( ID ) 3. ID 1( ID) 4. ID ID 7( ) v ID 1 () v ID 2 () 5. Enter Enter F3 () F9 () : 20 SST ID (SST) ID SST ID : (SST) ID 1. SST 2. ID SST (SST) 8( ID ) 3. ID 1( ID) 4. ID ID 8( ) 5. ID SST ID : (SST) ID 1. SST 2. ID SST (SST) 8( ID ) 21
3. ID 1( ID) 4. ID ID 4() ID ID v () v v v v ( 1 (DES) ) v ( YES NO ) 5. ID F5 ( ) ID DSPSSTUSR ID : ID (DSPSSTUSR) ID ID ID ID : (*SECADM) (*AUDIT) 1. DSPSSTUSR USRID (*ALL) ID 2. F17 () F18 () ID 3. 5 () ID ID ID ID 4. (Display linked user profile) F15 () 14 ID F15 ID 11111111 ID DSPSSTUSR USRID(11111111) ID ID DSPSSTUSR USRID(*ALL) OUTPUT(*PRINT) : ID (DSPSSTUSR) 22 IBM i:
SST ID : (SST) ID 1. SST 2. ID SST (SST) 8( ID ) 3. ID 1( ID) 4. ID ID 5() ID 5. Enter ID SST ID : (SST) ID 1. SST 2. ID SST (SST) 8( ID ) 3. ID 1( ID) 4. ID ID 6() ID 5. Enter ID SST ID : (SST) ID : IBM ID 1. SST 2. ID SST (SST) 8( ID ) 3. ID 1( ID) 4. ID ID 3() ID 5. ID v ID Enter v F12 () ID 23
ID ID (DST) (SST) ID (QSYCHGDS) API ID ID : ID ID : 26 QSECOFR QSECOFR QSECOFR ID IBM QSECOFR QSECOFR ID : 15 DST SST ID ID (DST) (SST) 15 ID ID DST ID : (DST) ID 1. DST 2. ID DST (DST) 3. 5 (DST ) Enter DST 4. DST ID 3( ID) ID 5. ID ID 2( ) a. ID ID ID v : v : 1 (YES) 2 (NO) 1 (YES) 24 IBM i:
b. ID v : ID v : ID 18 18 10 ( ) 0 32 v ( ): 6. Enter ID ID ID Data Encryption Standard (DES) 8 Secure Hash Algorithm (SHA) 128 : 16 DST ID (DST) ID : 5 ID ID Data Encryption Standard (DES) Secure Hash Algorithm (SHA) SST ID : (SST) ID 1. SST 2. ID SST (SST) 3. (SST) 8( ID ) 4. ID 1( ID) 5. ID ID 2( ) 6. ID ID v : 1 ( ) Data Encryption Standard (DES) 8 Secure Hash Algorithm (SHA) 128 25
v : 1 (YES) 2 (NO) 1 (YES) 7. Enter ID ID : 20 SST ID (SST) ID : 20 SST ID (SST) ID 5 ID ID Data Encryption Standard (DES) Secure Hash Algorithm (SHA) QSYCHGDS API ID : ID (QSYCHGDS) API ID ID ID QSYCHGDS API : ID (QSYCHGDS) API QSECOFR QSECOFR QSECOFR ID IBM QSECOFR QSECOFR ID ID QSECOFR QSECOFR ID ID : 24 ID ID (DST) (SST) ID (QSYCHGDS) API 26 IBM i:
15 ID ID 5 ID ID Data Encryption Standard (DES) Secure Hash Algorithm (SHA) 40 ID ID QSECOFR : QSECOFR ID QSECOFR (QSECOFR) (IPL) IPL QSECOFR 1. DST 2. DST ID QSECOFR 3. DST 5 (DST ) 4. DST 6( ) 5. 1( ) 6. Enter 7. DST F3 () 8. 1 (DST ) IPL 9. 1 (IPL ) IPL 10. IPL ( ) 11. QSECOFR CHGPWD QSECOFR : QSECOFR QSECOFR ID : QSECOFR IBM ID (QSECOFR) IBM QSECOFR ID 1. DST 2. QSECOFR 27
3. CHGDSTPWD (IBM ) F4 (Enter )IBM (CHGDSTPWD) 4. *DEFAULT Enter IBM ID QSECOFR : ID QSECOFR (SAVSYS) (DST) DST : (DST) 1. DST 6() 2. 5( ) 3. 1 v : a. Enter b. v : a. Enter b. : (DST) 1. DST 6() 2. 4( ) 3. 1 v : a. Enter b. 4 28 IBM i:
v : a. Enter b. 4 4. a. 1 () ID b. 1 v ID 1) 1 2) Enter ID v ID 1) 2 Enter ID 2) 1 () Enter ID SST ID SST ID 1. DST 2. DST QSECOFR ID 3. DST 5 (DST ) 4. DST 6( ) 5. 7 (SST ID ) Enter : SST ID ID DST 6. DST F3 () 7. 1 (DST ) : 35 SST ID (SST) ID ID ID LAN LAN ID IBM ID QCONSOLE QCONSOLE IBM ID 50 ID : 29
9 SST (SST) DST SST ID (DST) (SST) ID DST ID : (DST) ID DST ID DST ID : (DST) ID 1. DST 2. ID DST 3. (DST) 5 (DST ) Enter 4. ID DST 5( ID) 5. ID (Work with Service Tools Device IDs) 1() ID Enter : ID 1 10 ID 6. ID ID 7. ID v ID Enter v F5 ( ) ID (Change Service Tools device ID Attributes) : DST ID (DST) ID DST ID : (DST) ID 1. DST 2. ID DST 3. (DST) 5 (DST ) Enter 30 IBM i:
4. ID DST 5( ID) 5. ID (Work with Service Tools Device IDs) ID 7( ) (Change Service Tools Device Attributes) v ID 1 () v ID 2 () : 5xx 8xx 2 2 (LAN): ID : ID 8xx 1 Linux 6. Enter Enter F3 () F9 () DST ID : (DST) ID 1. DST 2. ID DST (DST) 5 (DST ) Enter 3. ID DST 5( ID) 4. ID (Work with Service Tools Device IDs) ID 8( ) 5. ID DST ID : (DST) ID 1. DST 2. ID DST (DST) 5 (DST ) Enter 3. ID DST 5( ID) 4. ID (Work with Service Tools Device IDs) ID 4() ID (Display Service Tools Device ID) ID 31
5. ID F5 ( ) (Display Service Tools Device Attributes) ID ID DST ID : (DST) ID 1. DST 2. ID DST (DST) 5 (DST ) Enter 3. ID DST 5( ID) 4. ID (Work with Service Tools Device IDs) ID 5() ID (Enable Service Tools Device ID) 5. Enter ID SST ID : (SST) ID SST ID : (SST) ID 1. SST 2. ID SST 3. (SST) 8( ID ) 4. ID 2( ID) 5. ID 1() ID Enter ID : ID 1 10 ID 6. ID ID 7. ID v ID Enter v F5 ( ) ID (Change Service Tools Device ID Attributes) 32 IBM i:
SST ID : (SST) ID 1. SST 2. ID SST (SST) 8( ID ) 3. ID 2( ID) 4. ID ID 7( ) (Change Service Tools Device Attribute) v ID 1 () v ID 2 () : 5xx 8xx 2 2 (LAN): ID : ID 8xx 1 Linux 5. Enter Enter F3 () F9 () SST ID : (SST) ID 1. SST 2. ID SST (SST) 8( ID ) 3. ID 2( ID) 4. ID ID 8( ) 5. ID SST ID : (SST) ID 33
1. SST 2. ID SST (SST) 8( ID ) 3. ID 2( ID) 4. ID ID 4() ID (Display Service Tools Device ID) ID 5. ID F5 ( ) (Display Service Tools Device Attributes) ID SST ID : (SST) ID 1. SST 2. ID SST (SST) 8( ID ) 3. ID 2( ID) 4. ID ID 5( ) ID (Enable Service Tools Device ID) 5. Enter ID SST ID : (SST) ID 1. SST 2. ID SST (SST) 8( ID ) 3. ID 2( ID) 4. ID ID 6( ) ID (Disable Service Tools Device ID) 5. Enter ID 34 IBM i:
SST ID : (SST) ID : IBM ID 1. SST 2. ID SST (SST) 8( ID ) 3. ID 2( ID) 4. ID ID 3() ID (Delete Service Tools Device ID) 5. ID v ID Enter v F12 () ID ID (DST) (SST) ID QCONSOLE DST ID : (DST) ID 1. DST 2. ID DST 3. (DST) 5 (DST ) Enter 4. ID DST 5( ID) 5. ID (Work with Service Tools Device IDs) ID 2() (Reset Service Tools Device Password) 6. Enter SST ID : (SST) ID 1. SST 2. ID SST 35
3. (SST) 8( ID ) 4. ID 2( ID) 5. ID ID 2( ) : SST ID (Work with device IDs from SST disabled) SST ID 6. (Reset Service Tools Device Password) ID 7. Enter : 29 SST ID SST ID QCONSOLE : ID ID (QCONSOLE) ID ID 1. / 01 B 2. / 25 Enter / 25 00 3. 1 26 Enter / 01 B : 65 FF 2 3 4. 65 Enter 65 00 : (D1008065) 11 D1008065 11 65 10 5. 13 Enter...0001 65 6. 65 7 4 5 5 7 65 5 2 36 IBM i:
xxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx 8 12 19 4 12 ( 12) word 12word 13 word 14word 15 13 ( 13) word 16word 17 word 18word 19 xxxxxxxx 8 17 17 : v SRC D1008065 17 65 7 ID 18 00000000 v 7 65 18 00000001 5 00000000 : 65 8 7. v v v : 8 DST (IPL) (DST) ID ID ID 10 ID (DST) ID 1. DST 2. DST ID QSECOFR 3. DST 5 (DST ) 4. DST 6( ) 5. ID (Autocreate service tools device IDs) 0 49 Enter 37
: 0 ID 49 ID QCONSOLE 50 ID 6. DST F3 () 7. 1 (DST ) SST (SST) SST 1. DST 2. DST ID QSECOFR 3. 13 ( ) 4. ID 5. DST F3 () 6. 1 (DST ) QSECOFR ID ID 1. SST 2. SST ID 3. 7( ) 4. ID 5. SSTF3 () 6. F3 () Enter SST 180 1. DST 2. DST ID QSECOFR 3. DST 5 (DST ) 4. DST 6() 5. 8 0 999 : 0 *NOMAX SHA 180 6. 8( ()) Enter 38 IBM i:
7. DST F3 () 8. 1 (DST ) ID (SST) (DST) : 3 ID (SST) 1. ID 2. 3. 2 99 Enter DST 1. DST ID QSECOFR 2. DST 5 DST 3. DST 6 4. 9 2 99 5. 9Enter 6. DST F3 () 7. 1 (DST ) (SST) (DST) (SST) 1. ID 2. 3. 0 15 Enter DST 1. DST ID QSECOFR 2. DST 5 DST 3. DST 6 4. 10 0 15 5. 10 Enter 6. DST F3 () 7. 1 (DST ) : 0 18 39
ID ID 1: IBM ID 2: ID QSECOFR ID QSECOFR 3: ID QSECOFR ID QSECOFR (DST) ID DST DST 4: STRSST ID QSYCHGDS API ID ID (SST) QSYCHGDS API v ID ID ID v DST ID v ID DST SST ID 1 (YES) ID 2( ) : 26 QSECOFR QSECOFR QSECOFR ID IBM QSECOFR QSECOFR ID 8 DST (IPL) 40 IBM i:
(DST) (DST) IBM i : 38 180 : 4 ID ID (DST) (SST) IBM Navigator for i () ID DST (DST) ID DST 1. DST 2. DST ID QSECOFR 3. DST 5 (DST ) 4. DST 6( ) 5. 3() Enter 6. : F6 () 7. : 5 ( ) ID 1. IBM Navigator for i 2. 3. 4. (Active action auditing) (Actions to audit) () v 41
v (DSPJRN) DSPJRN QSYS/QAUDJRN ENTTYP(ST) STRSST Information Center PDF v v v v v IBM i (Partitioning with IBM i) v v v v v IBM Navigator for i v : 1 PDF PDF 42 IBM i:
IBM IBM IBM IBM IBM IBM IBM ( ) 103-8510 19 21 IBM IBM IBM Web Web Web IBM Web IBM (i) ( ) (ii) IBM Corporation Software Interoperability Coordinator, Department YBWA 3605 Highway 52 N Rochester, MN 55901 U.S.A. Copyright IBM Corp. 2003, 2013 43
IBM IBM IBM IBM IBM IBM IBM : IBM IBM IBM ( ) ( ). IBM Corp. Copyright IBM Corp. _ _. 44 IBM i:
IBM i IBM IBM ibm.com International Business Machines Corporation IBM IBM www.ibm.com/legal/copytrade.shtml Adobe Adobe PostScript PostScript Adobe Systems Incorporated IBM : IBM () ( ) : IBM IBM IBM IBM 45
46 IBM i:
: 5770-SS1