Portal | Manuals | References | Downloads | Info | Programs | JCLs | Master the Mainframes
IBM Mainframe Computers Forums Index
 
Register
 
IBM Mainframe Computers Forums Index Mainframe: Search IBM Mainframe Forum: FAQ Memberlist Usergroups Profile Log in to check your private messages Log in
 

 

Special chars in the password/newpassword field

 
Post new topic   Reply to topic    IBMMAINFRAMES.com Support Forums -> TSO/ISPF
View previous topic :: :: View next topic  
Author Message
Phil Solano

New User


Joined: 25 Oct 2007
Posts: 3
Location: TOURS (France)

PostPosted: Mon Oct 29, 2007 1:14 pm    Post subject: Special chars in the password/newpassword field
Reply with quote

Hello everybody !

I have a problem with TSO/E and the Logon processor.
TSO doesn't accept any special characters in passwords, and only a few National characters are accepted. This is clearly documented.
Others logon processors in Zos (1.8 here) like CICS accepts special characters

Do you know about any solution (customizing IKJ members or using any patch or EXIT) to make TSO to accept at least characters like this :
Ampersand & , Asterisk * , Percentage sign % , Question mark ? , Equal sign = ... and others


Thanx in advance and excuse me for my bad English

Take care

Phil icon_cool.gif
Back to top
View user's profile Send private message

cpuhawg

Active User


Joined: 14 Jun 2006
Posts: 331
Location: Jacksonville, FL

PostPosted: Mon Oct 29, 2007 5:50 pm    Post subject: Reply to: Special chars in the password/newpassword field
Reply with quote

There are at least 3 popular security packages that protect the mainframe. They are RACF (IBM), Top Secret, and ACF2.

RACF allows only the @ (at sign), # (pound sign), and $ (dollar sign) as valid characters in the password field.

The only method that I'm aware of that can expand the special characters that a password will accept would be the installation of a password exit in assembler code that supercedes the requirements of the security system.
Back to top
View user's profile Send private message
Phil Solano

New User


Joined: 25 Oct 2007
Posts: 3
Location: TOURS (France)

PostPosted: Mon Oct 29, 2007 8:22 pm    Post subject:
Reply with quote

Thanks cpuhawg for your answer !,

But here the security system CA-TOP-SECRET let us the ability to use special characters with the PASSCHAR(*,:,=,!, and more) control option. Since this option is activated , all the subsystems like CICS or others with signon rules are ok when we use the characters set .... except TSO icon_evil.gif

Then I think that the exit wanted have to superceed the requirements of TSO Logon processor rather than the security system. Do you agree ?

My request is to permit to users to define more hard passwords using this specials characters and to have a "common password verification rule" beetween platforms as Windows Active Directory, Lotus Notes and MVS to obtain a common or single password.

Best Regards icon_smile.gif

Phil
Back to top
View user's profile Send private message
cpuhawg

Active User


Joined: 14 Jun 2006
Posts: 331
Location: Jacksonville, FL

PostPosted: Mon Oct 29, 2007 9:16 pm    Post subject: Reply to: Special chars in the password/newpassword field
Reply with quote

I'm a security administrator for RACF. In RACF, there are settings that define the length and required contents of a mainframe password.

The password exit works with your security system. The exit can be more specific, but cannot override what your security system is set up to accept.

So if RACF passwords can be 6 to 8 positions alphanumeric, an exit can be written to force passwords to be exactly 8 positions and require at least one number and one letter in the password.

I am not very familiar with Top Secret or ACF2 ( I only know the basic password reset commands), but I would think a Top Secret manual would state how passwords are defined to the mainframe.
Back to top
View user's profile Send private message
Phil Solano

New User


Joined: 25 Oct 2007
Posts: 3
Location: TOURS (France)

PostPosted: Tue Oct 30, 2007 12:31 pm    Post subject:
Reply with quote

You are security admin too !! icon_cool.gif

As RACF , TSS (Top-Secret-Systems) has similar rules for password validation ! An "Installation exit" exists too for TSS and I take a look to see if it's possible to take hand to override the TSO logon processor !

Feedback you soon !

And if I can help anyone with top-secret administration ... Ask !

Regards
Back to top
View user's profile Send private message
View previous topic :: :: View next topic  
Post new topic   Reply to topic    IBMMAINFRAMES.com Support Forums -> TSO/ISPF All times are GMT + 6 Hours
Page 1 of 1

 

Search our Forum:

Similar Topics
Topic Author Forum Replies Posted
No new posts READ A PACKED "NEGATIVE" FI... jdesouza CA Products 3 Tue May 02, 2017 11:43 pm
No new posts Alter &DATENS field in HEADER1 Angad DFSORT/ICETOOL 4 Mon Apr 24, 2017 11:49 am
No new posts SORT VSAM file with each field one by... maxsubrat DFSORT/ICETOOL 6 Tue Mar 14, 2017 1:07 pm
No new posts IMS DB-How to update a record (a sing... Nic Clouston IMS DB/DC 9 Thu Mar 09, 2017 4:38 pm
No new posts outrec field outside range Danielle.Filteau SYNCSORT 10 Sat Mar 04, 2017 2:37 am


Facebook
Back to Top
 
Mainframe Wiki | Forum Rules | Bookmarks | Subscriptions | FAQ | Tutorials | Contact Us