View previous topic :: View next topic
|
Author |
Message |
Phil Solano
New User
Joined: 25 Oct 2007 Posts: 3 Location: TOURS (France)
|
|
|
|
Hello everybody !
I have a problem with TSO/E and the Logon processor.
TSO doesn't accept any special characters in passwords, and only a few National characters are accepted. This is clearly documented.
Others logon processors in Zos (1.8 here) like CICS accepts special characters
Do you know about any solution (customizing IKJ members or using any patch or EXIT) to make TSO to accept at least characters like this :
Ampersand & , Asterisk * , Percentage sign % , Question mark ? , Equal sign = ... and others
Thanx in advance and excuse me for my bad English
Take care
Phil |
|
Back to top |
|
|
cpuhawg
Active User
Joined: 14 Jun 2006 Posts: 331 Location: Jacksonville, FL
|
|
|
|
There are at least 3 popular security packages that protect the mainframe. They are RACF (IBM), Top Secret, and ACF2.
RACF allows only the @ (at sign), # (pound sign), and $ (dollar sign) as valid characters in the password field.
The only method that I'm aware of that can expand the special characters that a password will accept would be the installation of a password exit in assembler code that supercedes the requirements of the security system. |
|
Back to top |
|
|
Phil Solano
New User
Joined: 25 Oct 2007 Posts: 3 Location: TOURS (France)
|
|
|
|
Thanks cpuhawg for your answer !,
But here the security system CA-TOP-SECRET let us the ability to use special characters with the PASSCHAR(*,:,=,!, and more) control option. Since this option is activated , all the subsystems like CICS or others with signon rules are ok when we use the characters set .... except TSO
Then I think that the exit wanted have to superceed the requirements of TSO Logon processor rather than the security system. Do you agree ?
My request is to permit to users to define more hard passwords using this specials characters and to have a "common password verification rule" beetween platforms as Windows Active Directory, Lotus Notes and MVS to obtain a common or single password.
Best Regards
Phil |
|
Back to top |
|
|
cpuhawg
Active User
Joined: 14 Jun 2006 Posts: 331 Location: Jacksonville, FL
|
|
|
|
I'm a security administrator for RACF. In RACF, there are settings that define the length and required contents of a mainframe password.
The password exit works with your security system. The exit can be more specific, but cannot override what your security system is set up to accept.
So if RACF passwords can be 6 to 8 positions alphanumeric, an exit can be written to force passwords to be exactly 8 positions and require at least one number and one letter in the password.
I am not very familiar with Top Secret or ACF2 ( I only know the basic password reset commands), but I would think a Top Secret manual would state how passwords are defined to the mainframe. |
|
Back to top |
|
|
Phil Solano
New User
Joined: 25 Oct 2007 Posts: 3 Location: TOURS (France)
|
|
|
|
You are security admin too !!
As RACF , TSS (Top-Secret-Systems) has similar rules for password validation ! An "Installation exit" exists too for TSS and I take a look to see if it's possible to take hand to override the TSO logon processor !
Feedback you soon !
And if I can help anyone with top-secret administration ... Ask !
Regards |
|
Back to top |
|
|
|