Previous Topic: Password and Passphrase SecurityNext Topic: Password Controls

Password and Passphrase SecurityDefining Passwords

Defining Passwords

CA Top Secret utilizes password security as a means of protecting User and Control ACIDs from unauthorized access. A wide variety of password security policies can be implemented through the password protection controls and options provided by CA Top Secret. Although password validation can be overriden for selected ACIDs, the use of password security is highly recommended and encouraged.

The main vehicle for defining passwords to CA Top Secret is the PASSWORD keyword. The PASSWORD keyword is used in conjunction with TSS commands. It allows administrators to specify a password, an optional automatic expiration interval or a statement that can expire the password the first time it is used. For example, the following assigns the User ACID, USER01, the password HAPPY, which will expire the first time it is used. 

TSS CRE(USER01) NAME('MAX SMILEY') DEPT(FINANCE)
    FAC(VM) PASSWORD(HAPPY,,EXP)

Since no expiration interval has been specified, the succeeding password will expire in the system default value, set by the installation.

Note: The PWEXP control option can be used to specify a default password expiration interval for new users. This interval can range from 0 - 255. Specifying 0 indicates that passwords for new users will never expire.

If an administrator chooses to specify an expiration interval for USER01, then they should enter the following which would set the password expiration interval at the maximum of 255 days.

TSS CRE(USER01) NAME('MAX SMILEY') DEPT(FINANCE)
    FAC(VM) PASSWORD(HAPPY,255)

If no password is required for USER01, then the NOPW option should be used instead:

TSS CREATE(USER01) NAME('MAX SMILEY') DEPT(FINANCE)
    FAC(VM) PASSWORD(NOPW)

Unless otherwise specified, CA Top Secret will automatically assume that a user’s password applies to all facilities to which that user has access. However, if that is not to be the case, then the MULTIPW keyword can be used. The MULTIPW keyword can be set to allow different passwords to be used for different facilities. For example, the following example assigns the indicated passwords to the respective facilities.

TSS CRE(USER01) NAME('MAX SMILEY') DEPT(FINANCE)
    FAC(VM) PAS(HAPPY) MULTIPW

TSS ADD(USER01) PAS(SUNNY) FAC(VMTEST,VMPROD)

Note: Remember, an administrator must have ACID(CREATE) authority and an administrative scope that includes the specified department, in order to define any user.