Force 1 Special Character And 1 Numeric Character In New Password.
search cancel

Force 1 Special Character And 1 Numeric Character In New Password.

book

Article ID: 53164

calendar_today

Updated On:

Products

Cleanup Datacom DATACOM - AD CIS COMMON SERVICES FOR Z/OS 90S SERVICES DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS COMMON PRODUCT SERVICES COMPONENT Common Services CA ECOMETER SERVER COMPONENT FOC Easytrieve Report Generator for Common Services INFOCAI MAINTENANCE IPC UNICENTER JCLCHECK COMMON COMPONENT Mainframe VM Product Manager CHORUS SOFTWARE MANAGER CA ON DEMAND PORTAL CA Service Desk Manager - Unified Self Service PAM CLIENT FOR LINUX ON MAINFRAME MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME GRAPHICAL MANAGEMENT INTERFACE WEB ADMINISTRATOR FOR TOP SECRET Xpertware Top Secret Top Secret - LDAP Top Secret - VSE

Issue/Introduction

Question:

Is there a way to force the user community to provide at least 1 special character and 1 numeric character in their password? When the NEWPW control option is changed in the CA Top Secret parameter file changes(NEWPW), when does it become effective?

Answer:

NEWPW(FN) will force at least 1 numeric. (NEWPW(FA) will force at least 1 alphabetic character.)

For special characters, use the PASSCHAR control option in conjunction with the NEWPW(SC). PASSCHAR contains a list of special characters which can be used in new passwords. Special characters may not be acceptable in some applications or at some levels of the operating system. Valid special characters are:

.. Ampersand &
.. Asterisk *
.. At @
.. Colon :
.. Dollar $
.. Equal sign =
.. Exclamation mark !
.. Hyphen -
.. Logical Not ¬ .. Percentage sign % .. Period . .. Pound (hash) # .. Question mark ? .. Underscore _ .. Vertical line |

When used in conjunction with control option NEWPW(SC), all passwords must be defined with at least one of the characters in the PASSCHAR list. If NEWPW(SC) is absent, PASSCHAR characters are optional. If no characters are defined in PASSCHAR, NEWPW(SC) has no effect. NEWPW(SC) is a global option for all passwords and facilities. Only use NEWPW(SC) if every application which requires a security password accepts special characters. So to force 1 numeric and 1 special character, use the following in the CA Top Secret parameter file:

PASSCHAR(...) where '...' is the list of special characters you want used. (Up to 16 characters can be specified, separated by a comma.)

NEWPW(...SC,FN) where '...' represents anything currently specified in the NEWPW control option. Issue TSS MODIFY(STATUS(PASSWORD)) to see the current NEWPW setting.

To pick up changes in the CA Top Secret parameter file, CA Top Secret must be recycled (temporary shutdown and restart). Or you can dynamically set these via:

TSS MODIFY PASSCHAR(...)

TSS MODIFY NEWPW(MIN=5,ID,RS,MINDAYS=1,WARN=3,SC,FN)

(The TSS MODIFY command is only valid until the next recycle of CA Top Secret.) Once set, the next time a user changes their password, users will need to specify at least 1 numeric and 1 special character.

The NEWPW control option specifies restrictions for new passwords specified by a user, so this option doesn't affect new passwords set with the TSS command by a CA Top Secret administrator.

Additional Information:

Please see the CA Top Secret Control Options Guide for more information on the NEWPW and PASSCHAR control options.

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component: