MULTIPW Attribute With Mixed Case Passwords In Top Secret
Article ID: 54016
Updated On:
Products
Issue/Introduction
In the NEWPW control option documentation, sub option MC, there is a note:
Note: Applications that do not support mixed-case passwords convert the password to uppercase, which can cause a password verification failure. If an application does not support mixed-case passwords, use the MULTIPW attribute of the FACILITY control option to allow a different password to be specified for that facility. Any passwords for that facility must be specified in uppercase.
Is the MULTIPW attribute required for mixed case passwords?
Resolution
The reason the reference to MULTIPW is in the Control Options Guide under the NEWPW(MC) control option is to inform clients that if not all of their applications support mixed case passwords, the only way to use mixed case passwords without impacting the ACID(s) is to use multiple passwords. For example, let's say application A supports mixed case passwords and application B does not. (In other words, application B upper cases the password entered before passing it to Top Secret.) If mixed case passwords are activated and the user has a password with lower case characters, the user will be able to signon to application A with that password, but application B will upper case the password before passing it to Top Secret, so the password sent to us will not match the actual password and the signon will be denied with an invalid password violation.
Instead of having to wait until application B supports mixed case passwords, the user can be given a mixed case password for application A using MULTIPW and for all other applications, the user can use an upper case password.
To give an acid MULTIPW, use:
TSS ADD(acid) FAC(facility) PASSWORD(pswd[,[interval][,EXP]]) MULTIPW
where
'acid' is the user's ACID
'facility' is the facility associated with application A
'pswd' is the mixed case password
and optionally, a password interval can be given (or default taken) and the password can be set to expire which will force the user to change it at next signon.
After this command, the user will have to use the mixed case password when signing on to application A but the other password when signing on anywhere else.
NOTES:
Just doing TSS ADD(acid) FAC(facility) will use the acid's current password.
MULTIPW can NOT be used on a profile ACID.
Additional Information
See MULTIPW Keyword for more information on the TSS ADD command and the MULTIPW attribute.
Feedback
