z/VSE requirement for password length
Ingolf24 120000DRN3 Comment (1) Visits (4086)
Just recently we got a requirement (Request for Enhancement - RFE) for the IUI "z/VSE sign-on with new password" panel.
The RFE 126365 is here.
The customer changed the password rules to a required password length of eight characters for new passwords. A length of eight is the maximum possible password length for z/VSE and CICS TS for z/VSE. The panel text shows a length of 3-8 characters as a description of the password input field. You may use the z/VSE LDAP support, if you want to use larger userids and passwords.
The RFE asks to adapt the description to the Basic Security Manager (BSM) password rules. This is already available, if you define the length with the BSM tool (BSTADMIN). Therefore we will close the requirement as available.
My colleague Elke describes how to get the requested results for BSM. Thanks, Elke.
You can set password rules with the BSTADMIN tool. For example if you only want to allow passwords with a length of 7 or 8, you can set it via
0 // EXEC BSTADMIN
0 pf password length(7) perform command
on the system console or a batch job.
In two dialogs is the minimum password length relevant.
1) The sign-on dialog, where the user can change his own password
2) The Maintain User Profiles dialog, where the administrator defines users and passwords.
1) The sign-on dialog reflects the actual (changed) minimum password length, it is displayed in the panel and in the message.
IESADMSO2 z/VSE SIGN-ON WITH NEW PASSWORD
Enter your new password in both places below then enter your current
password for sign-on verification.
Then press the ENTER key.
NEW PASSWORD ==> 7 - 8 characters
NEW PASSWORD ==> Re-Enter new password for verification
OLD PASSWORD ==> Current password
PASSWORD MUST BE A MINIMUM OF 7 CHARACTERS.
2) The Maintain user profiles dialog (2-1-1) does not reflect the actual value, but always displays the default minimum password length of 3.
We assume, the administrator can live with that restriction, because administrators should know BSM requirements.
IESADMUPBA ADD OR CHANGE USER PROFILE
BASE II CICS RESCLASS ICCF
To CHANGE, alter any of the entries except the userid.
USERID............. USER 4 - 8 characters (4 characters for ICCF user)
INITIAL PASSWORD... 3 - 8 characters
DAYS............... 000 0-365 Number of days before password expires
REVOKE DATE........ Date when Userid will be revoked (mm/dd/yy)
USER TYPE.......... 1 1=Administrator, 2=Programmer, 3=General
AUDITOR............ 1 1=yes, 2=no
INITIAL NAME....... IESEADM Initial function performed at signon
NAME TYPE.......... 2 1=Application, 2=Selection Panel
SYNONYM MODEL...... ________ Userid to be used as model for synonyms
PROGRAMMER NAME.... Supplementary user name
PF1=HELP 3=END 5=UPDATE
PASSWORD MUST BE A MINIMUM OF 3 CHARACTERS.
BSTADMIN commands are described in the z/VSE Administration book. You can download it from the z/VS