View previous topic :: View next topic
|
Author |
Message |
Ismael Vazquez
New User
Joined: 20 Apr 2011 Posts: 6 Location: usa
|
|
|
|
I would like to know what rules to use under RACF for the setrops password settings for a more complex rule, using mix characters and forcing caps at specific locations... |
|
Back to top |
|
|
cpuhawg
Active User
Joined: 14 Jun 2006 Posts: 331 Location: Jacksonville, FL
|
|
|
|
Rule complexity is set through SETROPTS.
Code: |
PASSWORD(
HISTORY(number-previous-values) | NOHISTORY
INTERVAL(maximum-change-interval)
MINCHANGE(minimum-change-interval)
MIXEDCASE | NOMIXEDCASE
REVOKE(number-incorrect-attempts) | NOREVOKE
RULEn(LENGTH(m1:m2) content-keyword (position))
| NORULEn
| NORULES
WARNING(days-before-expiration) | NOWARNING
)
|
This rule, for example would allow the password to be 4 to 8 positions and must start with an ALPHA in the 1st position.
Code: |
SETROPTS PASSWORD(RULE1(LENGTH(4:8) ALPHA(1))
|
Here are the available parameters:
Code: |
INSTALLATION PASSWORD SYNTAX RULES:
RULE 1 LENGTH(8) ALLLLLLL
LEGEND:
A-ALPHA C-CONSONANT L-ALPHANUM N-NUMERIC V-VOWEL W-NOVOWEL *-ANYTHING
c-MIXED CONSONANT m-MIXED NUMERIC v-MIXED VOWEL $-NATIONAL
|
TSO HELP SETROPTS will provide you the syntax of the command. |
|
Back to top |
|
|
Ismael Vazquez
New User
Joined: 20 Apr 2011 Posts: 6 Location: usa
|
|
|
|
Would this rule allow for uppercase alpha characters;;;
RULE 1 LENGTH(8) ALLLLLLL
Does the MIXEDCASE setropts be active? |
|
Back to top |
|
|
cpuhawg
Active User
Joined: 14 Jun 2006 Posts: 331 Location: Jacksonville, FL
|
|
|
|
Your RULE1 would allow for all uppercase alpha characters because A is ALPHA and L is ALPHANUMERIC.
Your default is probably NOMIXEDCASE and you would have to turn it on using SETROPTS to use mixed case. If you did turn it on, you would probably use it with these options: c-MIXED CONSONANT m-MIXED NUMERIC v-MIXED VOWEL. |
|
Back to top |
|
|
Ismael Vazquez
New User
Joined: 20 Apr 2011 Posts: 6 Location: usa
|
|
|
|
cpuhawg
I would like to thank you for your input, it's been helpful... |
|
Back to top |
|
|
Akatsukami
Global Moderator
Joined: 03 Oct 2009 Posts: 1788 Location: Bloomington, IL
|
|
|
|
Out of curiosity, what characters are considered "mixed numerics"? |
|
Back to top |
|
|
cpuhawg
Active User
Joined: 14 Jun 2006 Posts: 331 Location: Jacksonville, FL
|
|
|
|
Concerning the Mixed Numeric designation:
Code: |
MIXEDNUM Includes all characters of the following
three types of MIXEDNUM characters:
1. ALPHA characters - includes uppercase
alphabetic characters and the national
characters # (X'7B'), $ (X'5B'), and @
(X'7C')
2. Lowercase alphabetic characters
3. NUMERIC characters.
If the password syntax rule requires only one
MIXEDNUM character, passwords must contain at
least one character of any one of the three
MIXEDNUM character types.
If the password syntax rule requires two
MIXEDNUM characters, passwords must contain
two characters of different MIXEDNUM
character types, in one of the following
valid combinations:
* An ALPHA character and a lowercase
alphabetic
* An ALPHA character and a NUMERIC character
* A lowercase alphabetic character and a
NUMERIC character.
If the password syntax rule requires three or
more MIXEDNUM characters, passwords must
contain three or more MIXEDNUM characters
including at least one character of each
MIXEDNUM character type.
|
|
|
Back to top |
|
|
Ismael Vazquez
New User
Joined: 20 Apr 2011 Posts: 6 Location: usa
|
|
|
|
I just had the exit installed for IBM's passphrase, I currently do not have any documentation on how to set it up,,,,any suggestions would help...thank you |
|
Back to top |
|
|
enrico-sorichetti
Superior Member
Joined: 14 Mar 2007 Posts: 10873 Location: italy
|
|
Back to top |
|
|
Ismael Vazquez
New User
Joined: 20 Apr 2011 Posts: 6 Location: usa
|
|
|
|
Need some help on 'IBM PASSWORD PASSPHRASE'; I currently have my system settings as 'MIXEDCASE' with rule1 set as '1,2,3,4,5,6,7,8'; I'm trying to set my PASSPHRASE to 'idontwant2usepf', but keep getting the following error msg 'ICH21039I - NEW PASS PHRASE REJECTED BY RACF RULES',,,can anyone shed some light on what I'm doing wrong. Appreciate any help...thank u. |
|
Back to top |
|
|
Robert Sample
Global Moderator
Joined: 06 Jun 2008 Posts: 8697 Location: Dubuque, Iowa, USA
|
|
|
|
From the Messages And Codes manual:
Quote: |
| 2.17.37 ICH21039I
| ICH21039I NEW PASS PHRASE REJECTED BY RACF RULES
| Explanation: You specified a potential pass phrase that does
| not adhere to the following syntax rules:
| The user ID is not part of the pass phrase.
| At least 2 alphabetics are specified (A - Z, a - z).
| At least 2 non-alphabetics are specified (numerics,
| punctuation, special characters).
| No more than 2 consecutive characters are identical.
| System Action: RACF ignores the operand and continues command
| processing with the next operand.
| User Response: Try again with a different pass phrase. |
You need to learn how to read the manuals, especially the MAC manual. |
|
Back to top |
|
|
Ismael Vazquez
New User
Joined: 20 Apr 2011 Posts: 6 Location: usa
|
|
|
|
Where can I find a MAC manual... |
|
Back to top |
|
|
enrico-sorichetti
Superior Member
Joined: 14 Mar 2007 Posts: 10873 Location: italy
|
|
|
|
the first line of Robert' s post tells what MAC means
where to start looking for manuals was in my previous post |
|
Back to top |
|
|
dick scherrer
Moderator Emeritus
Joined: 23 Nov 2006 Posts: 19244 Location: Inside the Matrix
|
|
Back to top |
|
|
|