Install the OS400 Password Synchronization Agent
You must have *ADDOBJ privileges. In addition, the following are necessary for the agent to receive password change notifications:
- System value QPWDVLDPGM must be set to *REGFAC
- The program must be registered with the command WRKREGINF EXITPNT(QIBM_QSY_VLD_PASSWRD)
- The environment must allow password changes to come from endpoint accounts. An administrator with access to the Management Console enables this feature.
The agent is initiated only when a password change is made. To change the password, issue the CHGPWD command.
Note: The Global User must be flagged for password synchronization.
On the iSeries
- Log on as a user with *ALLOBJ and *SECADM privileges (for example, QSECOFR).
- Create a user called PWDSYNCH:
CRTUSRPRF USRPRF(PWDSYNCH) PWDEXP(*YES)
Note: As a security measure, the user is created with the password expired.
- Create a savefile to store the installation package in a library of your choice (for example, MYLIB):
CRTSAVF MYLIB/PWDSYNCH
- On the Windows machine with the savefile, use FTP to transfer the savefile to the iSeries:
ftp <hostname>
binary
cd MYLIB
put PWDSYNCH.FILE
- On the iSeries, extract the program from the savefile:
RSTLIB SAVLIB(PWDSYNCH) DEV(*SAVF) SAVF(MYLIB/PWDSYNCH)
This command extracts and installs the synch agent into the PWDSYNCH library.
- Verify the installation:
DSPLIB PWDSYNCH
The following objects should be displayed:
- Set up the iSeries to use PWDSYNCH as the password validation exit program:
CHGSYSVAL SYSVAL(QPWDVLDPGM) VALUE(*REGFAC)
ADDEXITPGM EXITPNT(QIBM_QSY_VLD_PASSWRD) FORMAT(VLDP0100) PGMNBR(1) PGM(PWDSYNCH/PWDSYNCH) TEXT('eTrust Admin Password Synch Agent')
- On the iSeries, specify the connection parameters for your CA IAM Connector Server:
EDTF FILE(PWDSYNCH/CONFIG)
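A post-install check for the prerequisites and objects named in the steps above, written as a CL program. This is an added example, not part of the CA product; the variable names are illustrative, and it assumes it is run by the *ALLOBJ user from the install. It does not inspect the exit point registration, which is still reviewed with WRKREGINF EXITPNT(QIBM_QSY_VLD_PASSWRD).

```cl
/* Added example: verify the PWDSYNCH agent installation (not CA code) */
PGM
  DCL VAR(&VLDPGM) TYPE(*CHAR) LEN(20)
  DCL VAR(&ERRORS) TYPE(*DEC) LEN(3 0) VALUE(0)

  /* QPWDVLDPGM must be *REGFAC so registered exit programs are called */
  RTVSYSVAL SYSVAL(QPWDVLDPGM) RTNVAR(&VLDPGM)
  IF COND(%SST(&VLDPGM 1 7) *NE '*REGFAC') THEN(DO)
    SNDPGMMSG MSG('QPWDVLDPGM is not set to *REGFAC')
    CHGVAR VAR(&ERRORS) VALUE(&ERRORS + 1)
  ENDDO

  /* The exit program restored by RSTLIB must exist */
  CHKOBJ OBJ(PWDSYNCH/PWDSYNCH) OBJTYPE(*PGM)
  MONMSG MSGID(CPF9801 CPF9810) EXEC(DO)
    SNDPGMMSG MSG('Program PWDSYNCH/PWDSYNCH not found')
    CHGVAR VAR(&ERRORS) VALUE(&ERRORS + 1)
  ENDDO

  /* The connection parameter file edited with EDTF must exist */
  CHKOBJ OBJ(PWDSYNCH/CONFIG) OBJTYPE(*FILE)
  MONMSG MSGID(CPF9801 CPF9810) EXEC(DO)
    SNDPGMMSG MSG('File PWDSYNCH/CONFIG not found')
    CHGVAR VAR(&ERRORS) VALUE(&ERRORS + 1)
  ENDDO

  /* The PWDSYNCH user profile created in the first step must exist */
  CHKOBJ OBJ(QSYS/PWDSYNCH) OBJTYPE(*USRPRF)
  MONMSG MSGID(CPF9801) EXEC(DO)
    SNDPGMMSG MSG('User profile PWDSYNCH not found')
    CHGVAR VAR(&ERRORS) VALUE(&ERRORS + 1)
  ENDDO

  IF COND(&ERRORS *EQ 0) THEN(SNDPGMMSG MSG('PWDSYNCH installation checks passed'))
ENDPGM
```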
Copyright © 2013 CA.
All rights reserved.