Mixed case 8 character password and Password Phrase support in CA Top Secret.


Article ID: 128396


Products

CA Top Secret, CA Top Secret - LDAP

Issue/Introduction

Handling of 8 character passwords when password phrase support is active in CA Top Secret.

How do applications handle 8 character passwords when password phrase support is active in z/OS and CA Top Secret?

Example:
If a user is still using an 8 character password, which in the past was assumed to be in uppercase, do you have to worry about the case?
 

Environment

Release:
Component: TSSMVS

Resolution

There are two separate RACROUTE VERIFY calls: one for the 8 character password and one for the password phrase.

The application must therefore use the RACROUTE VERIFY signon security call that matches the kind of password the user has.

If the user application detects an 8 character password, it must issue the RACROUTE VERIFY for the 8 character password.

If the signon application detects a pass phrase, it must issue the RACROUTE VERIFY for a password phrase.

To answer your questions: 
"For example, ROSCOE's sign on screen when pass phrase is enabled has only one field for Password/Passphrase. If the user still is using an 8 char password, which in the past I assumed was in uppercase, what happens when they enter this password - do they need to worry about the case?"

Answer: 
Mixed case characters for the 8 character password are supported by z/OS and CA Top Secret.

If you turn on Mixed case 8 character passwords in CA Top Secret, then yes, you do have to worry about case for 8 character passwords. 

If you have Mixed case 8 character password support turned off, then you don't have to worry about the proper case. The password will be automatically upper cased when CA Top Secret verifies the 8 character password.

Of course, this assumes the application issued a RACROUTE VERIFY for an 8 character password.

If the application incorrectly uses a RACROUTE VERIFY for a passphrase and the user enters an 8 character password, the signon will fail. That would be a bug and would need to be fixed by the application.

Some applications have functionality that forces the user to enter only password phrases and will not accept an 8 character password. In this case, entering an 8 character password will cause the application to reject the signon and request a password phrase.