Valid on z/OS and z/VM.
Use the NEWPW control option to restrict when and in what format a new password can be altered. The restrictions apply to:
NEWPW restrictions are not used when an administrator enters a new password with the TSS command. If NEWPW is not is included in the parameter file, when CA Top Secret starts or restarts NEWPW defaults to:
NEWPW(MIN=04,MAX=008,WARN=03, MINDAYS=01,NR=0,ID,TS,RS)
This option has the following format:
TSS MODIFY NEWPW ([FA],[FN],[ID],[MASK=mask],[MC],[MAX=n],[MIN=n],
[MINDAYS=nn],[NM],[NO],[NR=n],[NU],[NV],[RN],[RS],[SC],
[SW],[TS],[LC],[UC],[WARN=nn])
Forces specification of at least one alphabetic character. When MC is also set, both lower and upper case alphabetic characters can be used.
Forces specification of at least one numeric character.
Prevents a user from specifying a new password:
For example, a user named PERCY SNORTHAMMER is prohibited from entering new passwords like SNORT or PERC56. When MC is also set, SnoRT and pERc56 are prohibited.
Specifies that the new password must contain at least one lowercase letter. The Mixed Case (MC) option must be specified before setting this option.
Allows the security administrator to create a mask to dictate the type of character accepted for each position in a password. CA Top Secret applies this mask to user initiated and randomly generated password changes. Character types used in the mask are:
An entry of MASK=vnvn could generate password: A5I6.
If more than one of the options MASK, NM, and NV are specified, the mask takes the value of the right most option.
When MC is also set, the alphabetic mask characters a,c,v, and x are satisfied by an uppercase or lowercase letter. For example, both "a" and "A" are considered vowels.
Specifies the maximum password length. This entry can only be set when the security file has been copied by TSSXTEND with the option NEWPWBLOCK.
Minimum: Set by the MIN=n option
Maximum: 8 bytes
Default: 8 (If NEWPW is re-specified and MAX is omitted, the previous value of MAX is preserved.)
Selects the minimum length of a password or the mask used to generate random passwords.
Range: 1 to 8
Default: 4 (If NEWPW is re-specified and MIN is omitted, the previous value of MIN is preserved.)
Indicates that passwords are processed in mixed case format. This entry can only be set when the security file has been copied by TSSXTEND with the option NEWPWBLOCK. z/OS 1.7 or higher is required to use mixed case passwords during system entry validation.
Note: Applications that are unable to accept mixed case passwords capitalize mixed case input. Do not use mixed case passwords unless in a MULTIPW facility.
Sets the number of days after a password has been changed that a user is not allowed to change his password again. To have no limitation on how frequently a password can be changed, specify MINDAYS=00.
Range: 00 through 99
Default: 01 (If NEWPW is re-specified and MINDAYS is omitted, the previous value of MINDAYS is preserved.)
Notes:
Indicates that only numbers can be used in a new password. NM is the equivalent of MASK=NNNNNNNN. If MASK, NM, or NV are specified in NEWPW, only the right most is in effect.
Indicates that only the MIN= and MINDAYS= sub—options apply to new passwords. WARN= remains in effect.
Specifies the number of pairs of repeating characters in a new password. NR or NR=0 indicates that no characters can be repeated.
When MC is also set, an alphabetic character (in upper or lowercase) is considered a repetition. For example, rABbiT contains a repetition of “B” despite the change in case.
Default: If NR is specified without =n, the default is NR=0. If NR is omitted, the default numeric limit is MAX.
Prevents ACID TYPE(USER) from changing their passwords.
Indicates that vowels cannot appear in a new password. NV is the equivalent of MASK=XXXXXXXX. If the options MASK, NM, NV are specified, only the right most is in effect. If MC is also set, NV is satisfied by any lowercase or uppercase non-vowel.
CA Top Secret randomly generates a password for users when their password expires.
Note: If the FACILITY control option contains RNDPW and NEWPW(RN) is set, CA Top Secret automatically generate a random password for the user whose password has expired. However, if the NEWPW option does not have RN set, a user can still specify a random password by typing the word RANDOM in the new password field at logon.
If the FACILITY control option does not contain RNDPW, CA Top Secret ignores this option.
Random password generation is always uppercase, whether or not MC is set.
See FACILITY for details. STC and BATCH facilities do not support this feature.
Prevents the user from specifying a new password whose initial characters match one of the entries in the RPW prefix list See RPW. When MC is set, the password is checked against the restricted password and any upper or mixed case equivalents.
Specifies that all new passwords must have at least one character selected from the PASSCHAR list. If a list is not defined, this option is ignored. This option is global, some applications or operating systems may not accept special character in passwords. Implementing this option is the administrator's responsibility.
Default: No
Specifies that the new password must contain a special character ($, @, #) between the first and last position. For example:
BIG$RED, I$AM@ME
Prevents users from specifying a password too similar to their previous password. A new password is considered to be too similar if:
New passwords that are identical to previous passwords are always rejected, regardless of the NEWPW setting. When MC is set, both password history checking and TS processing test for mixed and uppercase equivalents.
Specifies that the new password must contain at least one uppercase letter. The Mixed Case (MC) option must be specified before setting this option.
Specifies the interval in days which warn users that their passwords or ACIDs are about to expire.
Default: 3 (If NEWPW is re-specified and WARN is omitted, the previous value of WARN is preserved.)
|
Copyright © 2013 CA.
All rights reserved.
|
|