Security Planning
Sterling Connect:Direct® supports signon security checking through its own Authorization Facility and through security exits interfacing with CA-ACF2 and CA-TOP SECRET by Computer Associates International, Inc., and Resource Access Control Facility (RACF) by IBM®. Any of these packages can control access to Sterling Connect:Direct functions. Read Implementing Security in the IBM Sterling Connect:Direct for z/OS® Administration Guide.
RACF Password Phrase (Passphrase)
Sterling Connect:Direct for z/OS supports RACF Password Phrase(Passphrase) up to 64 characters in length. Any location within Connect:Direct where a password is accepted, a passphrase can be used in its place. For more information on RACF support of Password Phrase, see the Security Server RACF General User’s Guide, SA22-7685-05 at http://pic.dhe.ibm.com/infocenter/zos/v1r12/index.jsp?topic=%2Fcom.ibm.zos.r12.icha100%2Fichza14003.htm.
Character | Description |
---|---|
blank | |
< | less than |
¬ | logical not |
, | comma |
> | greater than |
= | equal sign |
/ | forward slash |
\ | backward slash |
' | single quote |
" | double quote |
( | open parenthesis |
) | close parenthesis |
Passphrases can begin with a blank.
Passphrases can end with a blank.
Special Connect:Direct z/OS rules for Passphrase:
- Passphrases that contain a special character that is also a "delimiter"
must be enclosed in double quotes or single quotes:
'This is<a>passphrase.'
or
"This is<a>passphrase."
- Passphrases that end with a blank must be enclosed with a combination
of single quotes and double quotes:
'" Passphrase that contains blanks. "'
- Passphrases that contain one or more single quotes must be enclosed
in double quotes:
"That's a passphrase, not his'ns."
Note: Passphrases that contain single quotes cannot be entered in the ISPF panels and should be avoided. - Passphrases that contain one or more double quotes must be enclosed
in single quotes:
'Passphrase for the "world".'
- Rules for entering a passphrase through the ISPF panels are the
same as for entering the passphrase in a PROCESS statement. However,
they are somewhat relaxed:
- The ISPF code automatically encloses the passphrase in single
quotes if it isn't entered enclosed in single or double quotes.
This is a <passphrase> and is "easy" to enter.
or
'This is a <passphrase> and is "easy" to enter.'
- Passphrase that end in a blank should be enclosed in double quotes
(or the single/double quote - double/single quote pair).
"This is a passphrase that ends with a blank. "
or
'"This is a passphrase that ends with a blank. "'
Note: Passphrases that contain a single quote cannot be entered into the ISPF panels and should be avoided.Note: If "delimiter" characters are avoided, entering the longer passphrase is the same as entering the password.
- The ISPF code automatically encloses the passphrase in single
quotes if it isn't entered enclosed in single or double quotes.
Summary
Passphrase | Enclosed within |
---|---|
Contains no Connect:Direct "delimiter" | none required |
Contains Connect:Direct "delimiter" except single quote and/or double quote (see ending blank rule below) | ' or " |
Contains single quote *Cannot be entered with ISPF* | " |
Contains double quote | ' |
Contains both single quote and double quote | *Not allowed* |
Ends with blank, but has no single quote or double quote | '" "' |
Ends with blank, and has a single quote or double quote | *Not allowed* |