Pass Phrase Configuration Questions

book

Article ID: 187125

calendar_today

Updated On:

Products

Top Secret Top Secret - LDAP WEB ADMINISTRATOR FOR TOP SECRET

Issue/Introduction

Please advise what parameters are needed  to meet all of the following password phrase "standards" as published on the IBM Knowledge Center page ...

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

·         The length of a password phrase can be between 9 and 100 characters.

·         The user ID must not be part of the password phrase.

·         At least 2 alphabetic characters must be included.

·         At least 2 non-alphabetic characters such as numbers, punctuation marks, and special characters must be included.

·         Valid characters are as follows:

·         Alphabetic uppercase and lowercase characters.

·         Numbers 0 through 9.

·         National and special characters such as # , @ , and $ .

·         Punctuation characters.

·         Blank spaces.

·         No more than 2 consecutive characters can be the same.

·         +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

1. The length of a
password phrase can be between 9 and 100 characters.
Answer:
NEWPHRASE(MIN=9,MAX=100)

NEWPHRASE is documented at the following link.

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/security/ca-top-secret-for-z-os/16-0/using/specifying-control-options-to-modify-your-security-environment/newphrase-implement-password-phrase-rules.html

2. The user ID must notbe part of the password phrase.
Answer:
NEWPHRASE(ID)
    
3. At least 2 alphabetic characters must be included.
Answer:
NEWPHRASE(MA=2)
       
4. At least 2 non-alphabetic characters such as numbers, punctuation marks, and special characters must be included.
Answer:
NEWPHRASE(SC=2)

You also need to specify the allowed special characters for a phrase via PPSCHAR control options:
PPSCHAR(list_special_charaters_allowed_to_be_used_in_phrases)

PPSCHAR is documented at the following link.


      
5. Valid characters are as follows:

-Alphabetic uppercase and lowercase characters.
-Numbers 0 through 9.
-National and special characters such as # , @ , and $ .
-Punctuation characters.
-  Blank spaces.
Answer:
All supported, but for special characters you need to add them to the PPSCHAR(list_special_charaters_alowed_to_be_used_in_phrases) so they will be allowed to be used. When you specify blanks, you must specify it in hex.

Please see PPSCHAR documentation to see how to specify allowed special character phrase list.

        
6. No more than 2 consecutive characters can be the same.
Answer:
NEWPHRASE(NR=2)

Additional Information

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/security/ca-top-secret-for-z-os/16-0/using/specifying-control-options-to-modify-your-security-environment/newphrase-implement-password-phrase-rules.html