How to run mixed case password through EASINET ?
search cancel

How to run mixed case password through EASINET ?

book

Article ID: 11684

calendar_today

Updated On:

Products

SOLVE:Operations Automation SOLVE:Access Session Management SOLVE:FTS SOLVE

Issue/Introduction

How to run mixed case password through EASINET in SOLVE:Access?

Environment

SOLVE:Access 5.0

Resolution

The mixed case password can be enabled from RUNSYSIN through XOPT=(PWMIX) parm.

 However, the EASINET procedure and the panel invoked from the procedure are not aligned with this option by default which converts all passwords in upper case.
 

 Here are the steps to support mixed case password when running EASINET:

1. Verify the following fixes are applied to allow both chosen and forced password change from within SOLVE as well as correct other minor issues. 
RO17559 OLD PASSWORD NOT ACCEPTED ON PASSWORD CHANGE WHEN MIXED CASE
RO93854 NEW PASSWORD NOT ACCEPTED ON PASSWORD CHANGE WHEN MIXED CASE
RO95266 PASSWORD CANNOT START WITH '='
RO95267 PASSWORD CANNOT START WITH '='
RO96620 NEW PASSWORD NOT ACCEPTED ON FORCED PASSWORD CHANGE 
RO96621 NEW PASSWORD NOT ACCEPTED ON FORCED PASSWORD CHANGE 
RO96639 NEW PASSWORD NOT ACCEPTED ON FORCED PASSWORD CHANGE
SO00814 Allow retention of old SOLVE screen with userid/password on one line  

 2. Review document KB 10638 for additional fixes/information that allow full mixed case / MFA compatibility. It shows up easily in a google search.

 3.   Edit the EASINET procedure and insert &CONTROL NOUCASE at the beginning of the proc.
        Ensure no other &CONTROL UCASE is coded somewhere after.

 4. If you have a custom EASINET procedure that includes a &SECCHK call, ensure that all such calls are
        changed to use the newer &SECCALL unless there is no equivalent (ie &SECCHK INFO).  Syntax and usage information can be found here

 5. If you have a custom $EASIUPW member, try renaming it (after completion of #1) so that the distributed version is used and see if logons work
        properly.
   If it does need to remain in place, please follow steps 3 and 4 for this proc.

 6. If you have any logon procs, you will need to review them in the same manner as EASINET, so review steps 3 and 4.
    

 7.   View  any custom panels containing the password field through /PANELS with option L (list).
        Change the panel attribute used for the password as the following example :

        If the panel contains @psw  field to accept the password, then set  

        #FLD @ TYPE=INPUT INTENS=NON BLANKS=TRAIL CAPS=NO    
        (CAPS=NO prevents conversion from lower to upper case)
       
 7a.   Please note that if this field was defined as alphabetical, that attribute must be removed to allow for the use of special characters.

 7b.  If you are allowing the use of special characters and are including the use of equal ('=') signs, you need to modify the password field in your panel to contain
        #FLD @ TYPE=INPUT INTENS=NON BLANKS=TRAIL CAPS=NO PSKIP=NO    
        (PKSIP=NO prevents the '=' from being interpreted as a skip key and thus preventing acceptance of the password)

 8. If you are using the default SOLVE logon screen, adding the fixes from step 3 will change its appearance such that the Userid is in one line and the Password/Passphrase field is in another.  If you are only using 8 character passwords and need this screen to retain its original appearance due to user preference or logon scripts, you can revert to the original screen format by applying SO00814 listed in step 1 and coding PPREF='XOPT=NOPWPHR' in your RUNSYSIN.

9. These are the special characters allowed by RACF when using mixed case passwords. You will need to verify what is allowed on your system.
      . < + | & ! * - % _ > ? : =   along with the following 3 symbols, identified as national characters: @ # $ 
    Test to ensure that all special characters allowed by the security system in your environment work properly when used at the beginning or in the middle of passwords.

Additional Information

 The complete description of panel attributes can be found from CA Solve:Access Session Management Network Control Language Programming Guide 5.0 – Chapter 7: Designing Interactive Panels (Panel Services).

 The complete information for the &SECCALL can be found on docopts.ca.com under SOLVE:Access 5.0 in the CA Netmaster Shared Content Library section.  Select the NCL Reference and go to the section Verbs and Built-in Functions.