racf password complexity rules

 
Ismael Vazquez

New User


Joined: 20 Apr 2011
Posts: 6
Location: usa

Posted: Thu Apr 21, 2011 12:49 am    Post subject: racf password complexity rules

I would like to know what rules to use under RACF for the SETROPTS password settings for a more complex rule, using mixed characters and forcing caps at specific locations...

cpuhawg

Active User


Joined: 14 Jun 2006
Posts: 331
Location: Jacksonville, FL

Posted: Thu Apr 21, 2011 1:06 am    Post subject: Reply to: racf password complexity rules

Rule complexity is set through SETROPTS.

Code:

PASSWORD(                                           
  HISTORY(number-previous-values) | NOHISTORY       
  INTERVAL(maximum-change-interval)                 
  MINCHANGE(minimum-change-interval)                 
  MIXEDCASE | NOMIXEDCASE                           
  REVOKE(number-incorrect-attempts) | NOREVOKE       
  RULEn(LENGTH(m1:m2) content-keyword (position))   
  | NORULEn                                         
  | NORULES                                         
  WARNING(days-before-expiration) | NOWARNING       
 )                                                   


This rule, for example, would allow the password to be 4 to 8 positions, and it must start with an ALPHA in the 1st position.

Code:

SETROPTS PASSWORD(RULE1(LENGTH(4:8) ALPHA(1)))


Here are the available parameters:

Code:

INSTALLATION PASSWORD SYNTAX RULES:                                   
  RULE 1  LENGTH(8)     ALLLLLLL                                       
 LEGEND:                                                               
  A-ALPHA C-CONSONANT L-ALPHANUM N-NUMERIC V-VOWEL W-NOVOWEL *-ANYTHING
  c-MIXED CONSONANT m-MIXED NUMERIC v-MIXED VOWEL $-NATIONAL           


TSO HELP SETROPTS will provide you the syntax of the command.
Ismael Vazquez

New User


Joined: 20 Apr 2011
Posts: 6
Location: usa

Posted: Thu Apr 21, 2011 1:15 am

Would this rule allow for uppercase alpha characters?
RULE 1 LENGTH(8) ALLLLLLL

Does the MIXEDCASE SETROPTS option need to be active?
cpuhawg

Active User


Joined: 14 Jun 2006
Posts: 331
Location: Jacksonville, FL

Posted: Thu Apr 21, 2011 1:33 am    Post subject: Reply to: racf password complexity rules

Your RULE1 would allow for all uppercase alpha characters because A is ALPHA and L is ALPHANUMERIC.

Your default is probably NOMIXEDCASE and you would have to turn it on using SETROPTS to use mixed case. If you did turn it on, you would probably use it with these options: c-MIXED CONSONANT m-MIXED NUMERIC v-MIXED VOWEL.
Ismael Vazquez

New User


Joined: 20 Apr 2011
Posts: 6
Location: usa

Posted: Thu Apr 21, 2011 1:37 am    Post subject: setropts

cpuhawg

I would like to thank you for your input, it's been helpful...
Akatsukami

Global Moderator


Joined: 03 Oct 2009
Posts: 1738
Location: Bloomington, IL

Posted: Thu Apr 21, 2011 1:40 am

Out of curiosity, what characters are considered "mixed numerics"?
cpuhawg

Active User


Joined: 14 Jun 2006
Posts: 331
Location: Jacksonville, FL

Posted: Thu Apr 21, 2011 10:16 pm    Post subject: Reply to: racf password complexity rules

Concerning the Mixed Numeric designation:

Code:

MIXEDNUM Includes all characters of the following     
         three types of MIXEDNUM characters:         
         1. ALPHA characters - includes uppercase     
         alphabetic characters and the national       
         characters # (X'7B'), $ (X'5B'), and @       
         (X'7C')                                     
         2. Lowercase alphabetic characters           
         3. NUMERIC characters.                       
                                                     
         If the password syntax rule requires only one
         MIXEDNUM character, passwords must contain at
         least one character of any one of the three 
         MIXEDNUM character types.                   
                                                     
         If the password syntax rule requires two     
         MIXEDNUM characters, passwords must contain 
         two characters of different MIXEDNUM         
         character types, in one of the following     
         valid combinations:                         
         *  An ALPHA character and a lowercase       
         alphabetic                                   
         *  An ALPHA character and a NUMERIC character
         *  A lowercase alphabetic character and a   
         NUMERIC character.                           
                                                     
         If the password syntax rule requires three or
         more MIXEDNUM characters, passwords must     
         contain three or more MIXEDNUM characters   
         including at least one character of each     
         MIXEDNUM character type.                     
                                                     
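
Added example (not part of any post in this thread, and not IBM code): a small Python checker for the MIXEDNUM counting rules quoted above, applied to rule patterns written with the legend letters from the SETROPTS display shown earlier in the thread. It supports only A, N, m and *, handles only fixed-length rules, and assumes the type mix is counted over the characters in the m positions; the function name and sample passwords are constructed for illustration.

```python
import string

# Character types as the quoted MIXEDNUM help text defines them.
ALPHA = set(string.ascii_uppercase) | set("#$@")   # uppercase + national
LOWER = set(string.ascii_lowercase)
NUMERIC = set(string.digits)
TYPES = {"alpha": ALPHA, "lower": LOWER, "numeric": NUMERIC}

# Per-position classes for the legend letters this sketch supports.
POSITION = {"A": ALPHA, "N": NUMERIC, "m": ALPHA | LOWER | NUMERIC, "*": None}


def check_rule(pattern, password):
    """Return (ok, reason) for a fixed-length rule pattern such as 'mmmmmmmm'."""
    if len(password) != len(pattern):
        return False, "length"
    for pos, (code, ch) in enumerate(zip(pattern, password), start=1):
        if code not in POSITION:
            raise ValueError(f"unsupported legend letter {code!r}")
        allowed = POSITION[code]
        if allowed is not None and ch not in allowed:
            return False, f"position {pos} is not {code}"
    # MIXEDNUM type-mix requirement, counted over the characters that sit
    # in 'm' positions (an assumption of this sketch).
    mixed = [ch for code, ch in zip(pattern, password) if code == "m"]
    seen = {name for name, chars in TYPES.items()
            if any(c in chars for c in mixed)}
    required = min(len(mixed), 3)   # 1 -> any type, 2 -> two types, 3+ -> all three
    if len(seen) < required:
        return False, f"MIXEDNUM needs {required} types, found {len(seen)}"
    return True, "ok"


# Constructed sample passwords, checked against an all-MIXEDNUM 8-character rule.
SAMPLES = ["ABCDEFGH", "ABCD1234", "Abcd1234", "Abc#1234", "Abc!1234"]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(pw, check_rule("mmmmmmmm", pw))
```
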
Ismael Vazquez

New User


Joined: 20 Apr 2011
Posts: 6
Location: usa

Posted: Tue Jul 26, 2011 9:04 pm

I just had the exit installed for IBM's passphrase. I currently do not have any documentation on how to set it up. Any suggestions would help... thank you.
enrico-sorichetti

Global Moderator


Joined: 14 Mar 2007
Posts: 10202
Location: italy

Posted: Tue Jul 26, 2011 9:10 pm    Post subject: Reply to: racf password complexity rules

We do not either.
What does the manual tell about RACF password exits?
For example here, where you can find all you might want to know about RACF exits:
http://publib.boulder.ibm.com/infocenter/zos/v1r12/index.jsp?topic=/com.ibm.zos.r12.icha200/passphrase.htm

Or start from here for the whole shebang of z/OS manuals:
http://www-03.ibm.com/systems/z/os/zos/bkserv/index.html
Ismael Vazquez

New User


Joined: 20 Apr 2011
Posts: 6
Location: usa

Posted: Wed Jul 27, 2011 8:52 pm

Need some help on 'IBM PASSWORD PASSPHRASE'. I currently have my system settings as 'MIXEDCASE' with rule1 set as '1,2,3,4,5,6,7,8'. I'm trying to set my PASSPHRASE to 'idontwant2usepf', but keep getting the following error msg: 'ICH21039I - NEW PASS PHRASE REJECTED BY RACF RULES'. Can anyone shed some light on what I'm doing wrong? Appreciate any help... thank you.
Robert Sample

Global Moderator


Joined: 06 Jun 2008
Posts: 7913
Location: Bellevue, IA

Posted: Wed Jul 27, 2011 9:01 pm

From the Messages And Codes manual:
Quote:
| 2.17.37 ICH21039I
|
| ICH21039I NEW PASS PHRASE REJECTED BY RACF RULES
|
| Explanation: You specified a potential pass phrase that does
| not adhere to the following syntax rules:
|
| The user ID is not part of the pass phrase.
|
| At least 2 alphabetics are specified (A - Z, a - z).
|
| At least 2 non-alphabetics are specified (numerics,
| punctuation, special characters).
|
| No more than 2 consecutive characters are identical.
|
| System Action: RACF ignores the operand and continues command
| processing with the next operand.
|
| User Response: Try again with a different pass phrase.

You need to learn how to read the manuals, especially the MAC manual.
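
Added example (not part of the thread and not RACF code): the four syntax rules quoted from ICH21039I above as a Python check, run against the pass phrase from the question. The user ID IVAZQUE is a hypothetical placeholder, the case-insensitive user ID comparison is an assumption, and only the rules listed in the message are checked.

```python
def passphrase_violations(user_id, phrase):
    """Return the ICH21039I syntax rules that `phrase` breaks (empty list = none)."""
    problems = []

    # Rule: the user ID is not part of the pass phrase.
    # Compared case-insensitively here, which is an assumption of this sketch.
    if user_id and user_id.upper() in phrase.upper():
        problems.append("user ID is part of the pass phrase")

    # Rule: at least 2 alphabetics (A-Z, a-z).
    alphabetics = sum(1 for ch in phrase if ch.isascii() and ch.isalpha())
    if alphabetics < 2:
        problems.append("fewer than 2 alphabetic characters")

    # Rule: at least 2 non-alphabetics (numerics, punctuation, specials).
    if len(phrase) - alphabetics < 2:
        problems.append("fewer than 2 non-alphabetic characters")

    # Rule: no more than 2 consecutive characters are identical.
    run = 1
    for prev, cur in zip(phrase, phrase[1:]):
        run = run + 1 if cur == prev else 1
        if run > 2:
            problems.append("more than 2 consecutive identical characters")
            break

    return problems


# Constructed inputs; IVAZQUE is a hypothetical user ID, not taken from the thread.
SAMPLES = ["idontwant2usepf", "idontwant2use-pf", "ivazque-wants-2pf", "sooo-good-4-me"]

if __name__ == "__main__":
    for phrase in SAMPLES:
        found = passphrase_violations("IVAZQUE", phrase)
        print(f"{phrase!r}: {found or 'no violation of the listed rules'}")
```

For 'idontwant2usepf' the only rule reported is the non-alphabetic count: the phrase contains a single non-alphabetic character, the 2.
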
Ismael Vazquez

New User


Joined: 20 Apr 2011
Posts: 6
Location: usa

Posted: Wed Jul 27, 2011 9:08 pm

Where can I find a MAC manual...
enrico-sorichetti

Global Moderator


Joined: 14 Mar 2007
Posts: 10202
Location: italy

Posted: Wed Jul 27, 2011 9:18 pm    Post subject: Reply to: racf password complexity rules

the first line of Robert's post tells what MAC means

where to start looking for manuals was in my previous post
dick scherrer

Site Director


Joined: 23 Nov 2006
Posts: 19270
Location: Inside the Matrix

Posted: Wed Jul 27, 2011 9:24 pm

Hello,

MAC = Messages and Codes

Follow this link:
http://www-03.ibm.com/systems/z/os/zos/bkserv/lookat/
and paste ICH21039I into the message id. Select your platform and click Go.

All times are GMT + 6 Hours