Disabling password storage for IBM i connections

About this task

By default the signon dialog for an IBM® i connection allows passwords to be saved in an encrypted form on the workstation. However, some companies may have security policies that forbid saving of passwords for their IBM i systems even in this encrypted form. You can prevent passwords from being saved for connections to a given IBM i by using an RSE connection properties file.

Procedure

To disable storage of passwords for an IBM i system, for all Rational® Developer for Power client connections, create an RSE connection.properties file on that system.
  1. The connection.properties file should be created in this location:
     /QIBM/UserData/rse
    This file is a Java properties file and should be encoded in ASCII CCSID 819, corresponding to ISO-8859-1. This is the standard for all Java properties files. This file is read by the Rational Developer for Power client when it connects to the IBM i system.
    Note: You should protect the connection.properties file with permissions settings so that it can be modified only by appropriate personnel. You can do this from QShell with the following command:
    chmod 755 /QIBM/UserData/rse/connection.properties
    These settings allow the owner of the file to change the contents, but all others to only read the file.
  2. The IBM i server-stored connection properties should be stored in the connection.properties file. For example, the contents of this file might look like this:
    # Beginning of property file
    DENY_PASSWORD_SAVE = true
    # End of property file
    The properties are processed and used to set the corresponding preferences in the client for subsequent connections to this server. There is currently only one property defined. It allows you to specify that passwords for this system are not to be saved on the client. Other properties you define in this file are currently ignored, but since IBM may add new properties in the future you should only use the properties defined here. The DENY_PASSWORD_SAVE property may have the values true or false. These values must be lower case and no alternative spellings are supported. If the property is true then all saved passwords for the connections used to connect to this system are erased, and the save password checkbox on the signon dialog is disabled for subsequent connection attempts. If the property is false then the save password checkbox on the signon dialog is enabled for subsequent connection attempts.
  3. The current setting of the connections to this system remains unchanged if the file does not exist or the property is not present in the file. These are normal conditions and no messages are written to the .log file on the client. An information message is written to the .log file on the client if the property causes a change on the client by either enabling or disabling the saving of passwords. If the connection.properties file exists but cannot be read or opened or the DENY_PASSWORD_SAVE property is neither true nor false then a warning is written in the .log file and the state of the connection is left as is.

Feedback