What is the procedure to implement PASSPHRASE on users for a 14 character password? The client has determined the applications this will affect.

Release : 

Component : Top Secret for z/OS

IMPORTANT: the password phrase can only be used if the application (CICS, TSO, ROSCOE, etc) supports password phrases. If you are not sure if the application supports password phrases, you will need to check with the support group for that product.

On the Top Secret side:
- The first thing to do is TSS MODIFY and make sure that NEW_PASSWORD(Active) is shown in the output.

- The next thing to do is set up the passphrase related control options based on your security policy requirements. For example:

NEWPHRASE(MIN=9,MAX=14,WARN=03,MINDAYS=03,NR=3,SC=00,MA=00,MN=03)
NPPTHRESH(5)
PPEXP(060)
PPHIST(12)
PSWDPHRASE(ON)

NOTE: If PSWDPHRASE(OFF) is set, users must have the PSWDPHR attribute set to specify a password phrase.

The above are just examples. The control options should be set to your site's standards.

- If the ACID does not already have a passphrase, add a phrase and expire it to force the user to change it. For example:

TSS ADD(acid) PHRASE(thisisthepassphrase,nnn,EXP)

where 'nnn' is the expiration interval for the passphrase.