Previous Topic: About Passwords and Password PhrasesNext Topic: Password Phrase Control Options

Passwords and Password PhrasesPassword Control Options

Password Control Options

The following control options control CA Top Secret password operation:

INACTIVE

This option defines the number of days before CA Top Secret denies use of an ACID with an expired password. This option is inactive by default.

CA recommends that this option be used to deter use of ACIDs with expired passwords. Set the inactivity threshold high enough to allow normal periods of inactivity, such as vacations, and low enough to limit exposure from employees who have transferred or terminated. The inactivity threshold is typically set at 30 days.

NEWPW

This option defines the new password rules that are applied to passwords installation-wide. The options available for new passwords include content or pattern restrictions, minimum length, and minimum number of days between password changes.

PTHRESH

This option sets a password violation threshold, which when exceeded, suspends the user. The threshold count begins from the last successful sign-on. As you increase the threshold, password guessing by unauthorized users has a greater chance of success.

Default: 3

PWEXP

This control option specifies a password expiration interval that, in effect, becomes the default interval for the installation. Changing the expiration interval has no effect on current users; only on those created after the change.

PWHIST

This control option specifies how many passwords are retained in history to ensure that users do not reuse common passwords.

Range: Up to 64

PWVIEW

This control option suppresses the viewing of users’ passwords. If set to YES, PWVIEW allows the display of passwords if the administrator has the PWVIEW authority level specified in the DATA parameter of the TSS ADMIN command function.

RPW

If you prevent users from entering new passwords prefixed in the restricted password list (RS suboption of the NEWPW control option), you can add additional restrictions to this list. This option allows you to modify the restricted password list. You can include prefixes specific to your organization, such as, corporate names or acronyms. This option restricts attempts at password guessing by restricting passwords that may be common to your organization.

For more information, see the Control Options Guide.