

Password Phrase Record (PWPHRASE)

Password phrases may be used for user authentication with applications that support password phrases. You may have both a password and a password phrase defined to your Logonid. Specifying a password phrase is not required. You can still authenticate with a password for applications that support only passwords. However, passwords and password phrases are mutually exclusive for authentication: for applications that support both, you may authenticate using either a password or a password phrase, but not both, during a single authentication process.

The VMO PWPHRASE record allows you to set the following global password phrase options and controls:

Record ID: PWPHRASE

Fields:

ALLOW|NOALLOW
ALPHA(0|nnn)
CMD-CHG|NOCMD-CHG
HISTORY(0|nn)
LID|NOLID
MAXDAYS(100|nnn)
MAXLEN(100|nnn)
MINDAYS(0|nnn)
MINLEN(9|nnn)
MINWORD(1|nnn)
NUMERIC(0|nnn)
REPCHAR(null|0|nn)
SPECIAL(0|nnn)
SPECLIST()
TEMP-AGE|NOTEMP-AGE
WARNDAYS(1|nnn)

Fields

ALLOW|NOALLOW

Specifies whether all users on the system are allowed to authenticate using a password phrase. The default is NOALLOW, which indicates that authentication with a password phrase is not allowed for all users.

Note: The NOALLOW option may be overridden by specifying the PWPALLOW option on the Logonid. For more information, see the PWPALLOW option in the Logonid Record Field Descriptions section of the chapter "About the Logonid Record."

ALPHA(0|nnn)

Specifies the minimum number of alphabetic characters (a-z or A-Z) required in a new password phrase. Valid values are 0-100. The default is 0, which indicates that CA ACF2 for VM will not validate the password phrase for alphabetic characters.

Note: Changes to this parameter take effect at the next password phrase change of the user.

CMD-CHG|NOCMD-CHG

Specifies if password phrase changes are allowed with the ACF CHANGE command. The default is CMD-CHG, which permits password phrase changes through the ACF CHANGE command.

Note: This option does not affect administrators who are changing the password phrases of other users. It does, however, affect administrators changing their own password phrases. The purpose of the CMD-CHG option is to require users to change their password phrases only at system entry.

HISTORY(0|nn)

Specifies the number of previous password phrases to be checked to prevent reuse of a password phrase. Valid values are 0-32. A value of either 0 or 1 indicates that no previous password phrases are checked; only the current password phrase is checked (the default is 0).

For example, specifying HISTORY(2) indicates that the current password phrase and the previous password phrase are checked. HISTORY(32) indicates that the current password phrase and the last 31 previous password phrases are checked.

LID|NOLID

Specifies that a logonid cannot be contained in any part of a new password phrase. The default is NOLID, which indicates that CA ACF2 for VM will not check for a logonid in a new password phrase.

Note: Before the password phrase is compared to the logonid, it is temporarily upper-cased. Changes to this parameter take effect at the next password phrase change of the user.

MAXDAYS(0|nnn)

Specifies the global value for the maximum number of days permitted between password phrase changes before the password phrase expires. This is based on the date specified in the PWP-TOD field in the User PWPHRASE Profile record. Valid values are 0-255. The default is 0, indicating that there is no global value set.

Note: Any non-zero value in the PWP-MAXD field of the User PWPHRASE Profile record will override this value for validations.

MAXLEN(100|nnn)

Specifies the global maximum number of characters allowed in a new password phrase. Valid values are 9-200. The default is 100.

Note: If you use the Database Synchronization Component to logically share databases with another system, each system must have the same value for the MAXLEN field.

MINDAYS(0|nnn)

Specifies the global value for the minimum number of days that must elapse before a password phrase can be changed. Valid values are 0-254. The default is 0, indicating that there is no value set.

MINLEN(9|nnn)

Specifies the global minimum number of characters required in a new password phrase. Valid values are 9-200. The default is 9.

Note: If you use the Database Synchronization Component to logically share databases with another system, each system must have the same value for the MINLEN field.

MINWORD(1|nnn)

Specifies the global minimum number of words required in a new password phrase. Words are delimited by one or more spaces (x'40'). Valid values are 0-50. The default is 1. Zero indicates that this option is not active and CA ACF2 for VM will not perform validation of new password phrases for this option.

Note: Changes to this parameter take effect at the next password phrase change.

NUMERIC(0|nnn)

Specifies the minimum number of numeric characters (0-9) required in a new password phrase. Valid values are 0-100. The default is 0, which indicates that CA ACF2 for VM will not validate the new password phrase for numeric characters.

Note: Changes to this parameter take effect at the next password phrase change of the user.

REPCHAR(null|0|nn)

Specifies the number of consecutively repeating pairs of characters allowed in a new password phrase. Valid values are 0-99. The default is null, specified as REPCHAR(), which indicates that CA ACF2 for VM will not validate the new password phrase for consecutively repeating pairs of characters. A value of 0 indicates that the new password phrase cannot contain any consecutively repeating pairs of characters, so RABIT is acceptable. A value of 1 indicates that a new password phrase can contain up to one consecutively repeating pair of characters (for example, RABIT or RABBIT, but not RABBBIT). With a value of 1, a valid new password phrase could be "The rabbit jumped" or "I need your help". However, CA ACF2 for VM will not allow "The rabbbit jumped" since "bbb" is considered two consecutively repeating pairs of characters.

Note: Changes to this parameter take effect at the next password phrase change of the user.

SPECIAL(0|nnn)

Specifies the minimum number of special characters required in a new password phrase. Special characters include: characters listed in the SPECLIST() field of this record, national characters (@ # $), and blanks (spaces). Valid values are 0-100. The default is 0, which indicates that no special characters are required. For example, when SPECIAL(3) is specified, a valid password phrase must contain at least three special characters, such as: "reading and writing are great skills" and "jane doe@companyx is my email."

Note: Changes to this parameter take effect at the next password phrase change of the user.

SPECLIST()

Specifies the list of valid, non-alphanumeric characters that may be contained in a new password phrase in addition to the default alphanumeric (a-z, A-Z, 0-9) and national (@ # $) characters and blanks (spaces). If this field is not specified, the default is national characters and blanks. The following character values may be specified in this field:

Character Name       Character
Ampersand            &
Asterisk             *
Caret                ^
Colon                :
Equal sign           =
Exclamation point    !
Hyphen               -
Percent sign         %
Period               .
Question mark        ?
Underscore           _
Vertical line        |

Example: When SPECLIST(& * -) is specified, a valid password phrase can contain ampersand(&), asterisk(*), and hyphen(-) characters. The following are examples of valid password phrases: 'NEW#PHRA', 'NEW*PH&A', '123#PHRA', 'NEWPHRA@' or '#NEW-PHR'.

Note: Single and double quote marks are not permitted within new password phrases. Changes to this parameter take effect at the next password phrase change of the user.
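The composition checks described in the fields above (ALPHA, NUMERIC, SPECIAL, SPECLIST, MINLEN, MAXLEN, MINWORD, REPCHAR and LID) can be modelled as follows. This is an added Python example, not CA ACF2 for VM code; the class and function names are hypothetical. It assumes that REPCHAR pair counting is case-sensitive and that a character outside the permitted set is reported under SPECLIST.

```python
import string
from dataclasses import dataclass
from typing import Optional

NATIONAL = set("@#$")
SPECLIST_CHOICES = set("&*^:=!-%.?_|")  # the twelve characters SPECLIST() accepts

@dataclass
class PwPhrasePolicy:
    """Composition fields of the VMO PWPHRASE record, with the documented defaults."""
    alpha: int = 0
    numeric: int = 0
    special: int = 0
    speclist: str = ""
    minlen: int = 9
    maxlen: int = 100
    minword: int = 1
    repchar: Optional[int] = None  # None models REPCHAR(): no check
    lid: bool = False

def repeating_pairs(phrase: str) -> int:
    """Count adjacent equal characters: 'bb' is one pair, 'bbb' is two."""
    return sum(a == b for a, b in zip(phrase, phrase[1:]))

def violations(phrase: str, logonid: str, p: PwPhrasePolicy) -> list:
    """Return the names of the PWPHRASE fields that a new phrase fails."""
    specials = NATIONAL | {" "} | (set(p.speclist) & SPECLIST_CHOICES)
    allowed = set(string.ascii_letters + string.digits) | specials
    checks = {
        "SPECLIST": all(c in allowed for c in phrase),
        "MINLEN": len(phrase) >= p.minlen,
        "MAXLEN": len(phrase) <= p.maxlen,
        "ALPHA": sum(c in string.ascii_letters for c in phrase) >= p.alpha,
        "NUMERIC": sum(c in string.digits for c in phrase) >= p.numeric,
        "SPECIAL": sum(c in specials for c in phrase) >= p.special,
        # Words are runs of non-blank characters; MINWORD(0) disables the check.
        "MINWORD": len([w for w in phrase.split(" ") if w]) >= p.minword,
        "REPCHAR": p.repchar is None or repeating_pairs(phrase) <= p.repchar,
        # The phrase is upper-cased before the logonid comparison.
        "LID": not p.lid or logonid.upper() not in phrase.upper(),
    }
    return [name for name, ok in checks.items() if not ok]

# Constructed sample policy and phrases (not taken from a real system).
POLICY = PwPhrasePolicy(special=2, speclist=".", repchar=1, minword=2, lid=True)
SAMPLES = ["The rabbit jumped", "The rabbbit jumped", "jdoe01 likes tea", "reading & writing"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), violations(s, "JDOE01", POLICY) or "accepted")
```
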

TEMP-AGE|NOTEMP-AGE

Specifies whether temporary password phrases will be included in the password phrase history. A "temporary password phrase" is a new password phrase that is immediately expired at the time it is set. The default is TEMP-AGE, which indicates that temporary password phrases will be aged.

WARNDAYS(1|nnn)

Specifies the number of days a warning message is issued before the password phrase expires. On those days, a warning message is displayed each time a user tries to access the system.

Valid values are 0-255. The default is 1. If zero is specified, no warning message is issued.

Implementing PWPHRASE

To implement the use of password phrases, the initial password phrase must be set for the user by inserting the PWPHRASE segment of the USER profile record.

Activating the VMO PWPHRASE Options

You must issue the following command for the insert or change to the VMO PWPHRASE record to take effect. Otherwise, CA ACF2 for VM does not recognize the change until the VMO records are built at the next IPL of the system.

ACFSERVE RELOAD CONTROL VMO PWPHRASE

Display the VMO PWPHRASE Options

Display the VMO PWPHRASE Password Phrase options defined to the system with the SHOW STATE command.