Previous Topic: RESETSTATS—Reset Stats CountersNext Topic: SECCACHE—Security Record Cache

Specific Control OptionsRPW—Restricted Password List

RPW—Restricted Password List

Valid on z/OS nad z/VM.

Use the RPW control option to allow the site to modify and list the contents of the restricted password list. This allows the site to prevent the use of obvious passwords such as company names, titles, month and names. Mixed case passwords are temporarily transformed to uppercase before being checked against the RPW prefixes.

The supplied RPW is loaded initially at startup. It can be modified anytime afterward via the RPW control options. It is not rebuilt other than from REINIT of CA Top Secret.

All entry methods are accepted.

This control option has the following format:

RPW(LIST)|(RESET)|(ADD,password,...)|(REMOVE,password,..)
LIST

Displays contents of restricted password list. This operand is not protected since it does not alter security.

RESET

Removes all password prefixes currently in the restricted password list, including the product defaults. Once the RPW (RESET) option clears all user and default password restrictions, the 33 default prefixes can only be recovered by manual RPW(ADD,…) or automatically by a REINIT of CA Top Secret.

ADD

Adds one or more password prefixes to the restricted password list.

password

One‑ to seven‑character password prefix.

REMOVE

Removes one or more password prefixes from restricted password list.

The Restricted Password List

CA Top Secret provides a list of a maximum 511 password prefixes, which cannot be used as new passwords. Of the 511 password prefixes, 33 are default entries. This list is only in effect for NEW passwords that are entered while the NEWPW(RS) control option is in effect.

Restricted Passwords and Password Prefixes

APPL APR ASDF AUG BASIC CADAM

DEC DEMO FEB FOCUS GAME IBM

JAN JUL JUN LOG MAR MAY

NET NEW NOV OCT PASS ROS

SEP SIGN SYS TEST TSO VALID

VTAM XXX 1234

Capacity of the List

The table provided by CA may contain up to 511 password prefixes (including the 33 default password prefixes). A site may specify as many RPW control option entries as required.

Protection of the RPW Control Option

Use of the RPW control option is protected by the accountability feature. CA Top Secret prompts the person entering the command for the authorized ACID/password combination before processing the command.

Examples: RPW control option

This example indicates that CA Top Secret should not accept a set of new passwords if specified by users:

F TSS,RPW(ADD,STAFF1,BATMAN,MYPASSW,MGRPASS)

The passwords shown above will no longer be able to be specified as new passwords. Users who are currently using these passwords will function normally.

This example removes a password from the list:

F TSS,RPW(REMOVE,BATMAN)

BATMAN may now be selected as a new password.

This example determines the current contents of the restricted password list:

TSS MODIFY(RPW (LIST))
IBM     TEST    SYS     LOG     SIGN    TSO   
PASS    NEW     VTAM    NET     APPL    ROS   
BASIC   FOCUS  CADAM   VALID   DEMO    GAME  
JAN     FEB     MAR     APR     MAY     JUN   
JUL     AUG     SEP     OCT     NOV     DEC   
XXX     ASDF    1234    STAFF1  BATMAN  MYPASSW
MGRPASS                                       
MODIFY   FUNCTION SUCCESSFUL

This example removes all restricted passwords prefixes (including the product defaults) and restore the product defaults at the next REINIT of CA Top Secret:

TSS MODIFY RPW(reset)