MULTIPW Attribute Required For Mixed Case Passwords?
search cancel

MULTIPW Attribute Required For Mixed Case Passwords?

book

Article ID: 54016

calendar_today

Updated On:

Products

Cleanup Datacom DATACOM - AD CIS COMMON SERVICES FOR Z/OS 90S SERVICES DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS COMMON PRODUCT SERVICES COMPONENT Common Services CA ECOMETER SERVER COMPONENT FOC Easytrieve Report Generator for Common Services INFOCAI MAINTENANCE IPC UNICENTER JCLCHECK COMMON COMPONENT Mainframe VM Product Manager CHORUS SOFTWARE MANAGER CA ON DEMAND PORTAL CA Service Desk Manager - Unified Self Service PAM CLIENT FOR LINUX ON MAINFRAME MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME GRAPHICAL MANAGEMENT INTERFACE WEB ADMINISTRATOR FOR TOP SECRET Xpertware Top Secret Top Secret - LDAP Top Secret - VSE

Issue/Introduction

Question:

In the NEWPW control option, sub option MC, in the Control Options Guide, there is a note:

Note: Applications that are unable to accept mixed case passwords capitalize mixed case input. Do not use mixed case passwords unless in a MULTIPW facility.

Is the MULTIPW attribute required for mixed case passwords?

Answer:

The reason the reference to MULTIPW is in the Control Options Guide under the NEWPW(MC) control option is to inform clients that if not all of their applications support mixed case passwords, the only way to use mixed case passwords without impacting the ACID(s) is to use multiple passwords. For example, let's say application A supports mixed case passwords and application B does not. (In other words, application B upper cases the password entered before passing it to CA Top Secret.) If mixed case passwords are activated and the user has a password with lower case characters, the user will be able to signon to application A with that password, but application B will upper case the password before passing it to CA Top Secret, so the password sent to us will not match the actual password and the signon will be denied with an invalid password violation.

Instead of having to wait until application B supports mixed case passwords, the user can be given a mixed case password for application A using MULTIPW and for all other applications, the user can use an upper case password.
To give an acid MULTIPW, use:

TSS ADD(acid) FAC(facility) PASSWORD(pswd[,[interval][,EXP]]) MULTIPW

where
'acid' is the user's acid
'facility' is the facility associated with application A
'pswd' is the mixed case password
and optionally, a password interval can be given (or default taken) and the password can be set to expire which will force the user to change it at next signon.

After this command, the user will have to use the mixed case password when signing on to application A but the other password when signing on anywhere else.

NOTES:
Just doing TSS ADD(acid) FAC(facility) will use the acid's current password.

MULTIPW can NOT be used on a profile acid.

Additional Information:

Please see the CA Top Secret Command Functions Guide for more information on the TSS ADD command and the MULTIPW attribute. 

 

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component:
Powered by Wolken Software