Enhancements for Managing Service Tools User IDs in 7.4
In this i Can blog post, Dawn May breaks down service tool requirements for IBM i 7.4.
By Dawn May10/23/2019
Prior to 7.4, service tools user ID password composition rules were very basic; there was a minimum length requirement and expiration interval.
With 7.4, you can now implement password composition rules consistent to those of IBM i user profiles. The password rules available are the same as the ones you can specify with the QPWDRULES system value. You can change the password rules within SST or DST using service tools security options.
In 7.4, IBM also provided command interfaces to set (CHGSSTSECA) or display (DSPSSTSECA) service tools security attributes, which includes the SST password rules. This alleviates the need to use the SST or DST menu-driven interfaces to review the settings or make changes. When using the CHGSSTSECA command, you must specify your service tools user ID and password and have the service tools “Service Tools Security” functional privilege. DSPSSTSECA has outfile support, so you also have a programmatic interface to these settings.
In addition to adding service tools password rules, you can now create, change, and display service tools user IDs through command interfaces. The Create SST User, Change SST User and Delete SST User commands are new with 7.4; the Display SST User command has been around since the 6.1 release. With the create and change SST user commands you can change the password, enable or disable the ID, link it to an IBM i user profile, and specify the service tools privileges for that service tools user ID. Again, you must have a service tools user ID to use these commands as well as the “Service Tools Security” privilege but having the command interface will make it easier to manage your service tools user IDs.
Dawn May is an IBM i consultant. She owns Dawn May Consulting, LLC in the Greater Boston area. Dawn is a former IBM senior technical staff member.