CA Top Secret for z/OS Question about passwords/phrases

book

Article ID: 38202

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP

Issue/Introduction

Question:

Can you have Passphases and passwords both set in the Top Secret Parmfile? 

 

Answer:

Yes 

With password and passphrase you can use either. 

If the user types in the correct password, they will get 

logged on. 

Passphrase (NEWPHRASE) is a different field than the Password (NEWPW). This means 

users may have both a password and a pass phrase. 

If both a password and a pass phrase supplied, the pass phrase will 

take precedence. 

If there is a single signon attempt that specifies both 

a password and a passphrase, only the pass phrase will be checked. 

 

Password and passphrase have their own expiration and independent of each 

other. If the user exceeds the violation threshold for either password or 

passphrases, they will be suspended. The user will need to be 

unsuspended first in order for the acid to be used. It doesn’t matter it they 

were suspended when using a passphrase or password. 

 

To require a user to enter only a PASSWORD or PASSPHRASE in 

order to sign on, would be done on the application side not the Top Secret side 

 

In your Control Options setting you could have for example: 

 

TSS9661I CA Top Secret PHRASE Status 

NEWPHRASE(MIN=09,MAX=100,WARN=03,MINDAYS=00,SC=00,MA=00,MN=00) 

PSWDPHRASE(OFF) NPPTHRESH(02) 

PPEXP(030) PPHIST(03) 

 

TSS9661I CA Top Secret PASSWORD Status 

NEWPW(MIN=05,MAX=008,WARN=03,MINDAYS=01,ID,TS,RS,MC) 

HPBPW(002) MSUSPEND(NO) NPWRTHRESH(2) 

PWEXP(030) PWHIST(01) PTHRESH(005) 

 

Additional Information:

Support Online

 

https://docops.ca.com/topsecret

 

Environment

Release:
Component: TSSMVS