Force 1 Special Character And 1 Numeric Character In New Password.


Article ID: 53164


Updated On:


CA Cleanup CA Datacom CA DATACOM - AD CA CIS CA Common Services for z/OS CA 90s Services CA Database Management Solutions for DB2 for z/OS CA Common Product Services Component CA Common Services CA Datacom/AD CA ecoMeter Server Component FOC CA Easytrieve Report Generator for Common Services CA Infocai Maintenance CA IPC Unicenter CA-JCLCheck Common Component CA Mainframe VM Product Manager CA Chorus Software Manager CA On Demand Portal CA Service Desk Manager - Unified Self Service CA PAM Client for Linux for zSeries CA Mainframe Connector for Linux on System z CA Graphical Management Interface CA Web Administrator for Top Secret CA CA- Xpertware CA Top Secret CA Top Secret - LDAP CA Top Secret - VSE



Is there a way to force the user community to provide at least 1 special character and 1 numeric character in their password? When the NEWPW control option is changed in the CA Top Secret parameter file changes(NEWPW), when does it become effective?


NEWPW(FN) will force at least 1 numeric. (NEWPW(FA) will force at least 1 alphabetic character.)

For special characters, use the PASSCHAR control option in conjunction with the NEWPW(SC). PASSCHAR contains a list of special characters which can be used in new passwords. Special characters may not be acceptable in some applications or at some levels of the operating system. Valid special characters are:

.. Ampersand &
.. Asterisk *
.. At @
.. Colon :
.. Dollar $
.. Equal sign =
.. Exclamation mark !
.. Hyphen -
.. Logical Not ¬ .. Percentage sign % .. Period . .. Pound (hash) # .. Question mark ? .. Underscore _ .. Vertical line |

When used in conjunction with control option NEWPW(SC), all passwords must be defined with at least one of the characters in the PASSCHAR list. If NEWPW(SC) is absent, PASSCHAR characters are optional. If no characters are defined in PASSCHAR, NEWPW(SC) has no effect. NEWPW(SC) is a global option for all passwords and facilities. Only use NEWPW(SC) if every application which requires a security password accepts special characters. So to force 1 numeric and 1 special character, use the following in the CA Top Secret parameter file:

PASSCHAR(...) where '...' is the list of special characters you want used. (Up to 16 characters can be specified, separated by a comma.)

NEWPW(...SC,FN) where '...' represents anything currently specified in the NEWPW control option. Issue TSS MODIFY(STATUS(PASSWORD)) to see the current NEWPW setting.

To pick up changes in the CA Top Secret parameter file, CA Top Secret must be recycled (temporary shutdown and restart). Or you can dynamically set these via:



(The TSS MODIFY command is only valid until the next recycle of CA Top Secret.) Once set, the next time a user changes their password, users will need to specify at least 1 numeric and 1 special character.

The NEWPW control option specifies restrictions for new passwords specified by a user, so this option doesn't affect new passwords set with the TSS command by a CA Top Secret administrator.

Additional Information:

Please see the CA Top Secret Control Options Guide for more information on the NEWPW and PASSCHAR control options.


Release: TOPSEC00200-15-Top Secret-Security