Establishing password syntax rules (PASSWORD option)
- The minimum and maximum length of passwords
- The character content of installation-selected positions in the passwords
Restrictions: The password syntax rules you define are not enforced when users log on with their current passwords. Therefore, changes you make to your password syntax rules will not affect users with current passwords. Your changes will take effect for current users only when they change their passwords. For new users, the changes will take effect when the new user logs on for the first time. In addition, password syntax rules are not enforced when you define a temporary password for another user using the ALTUSER PASSWORD command unless you specify the NOEXPIRED option.
SETROPTS PASSWORD(RULE1(LENGTH(8) VOWEL(1,3,5:8) NUMERIC(2,4)))
For more information see PASSWORD(RULEn) of the SETROPTS command in z/OS Security Server RACF Command Language Reference.
The command establishes syntax rule RULE1. Syntax rule RULE1 specifies that new passwords must be 8 characters in length, must contain vowels in positions 1, 3, 5, 6, 7, and 8, and must contain numbers in positions 2 and 4. Thus, the password A2E2EAEE follows the rule, and C3DMIER5 does not.
If you do not define a value for every position specified by the LENGTH value, the undefined positions can contain any combination of alphanumeric characters.
Tip: If the RACF® ISPF panels are installed, you might find them easier to use for setting up password syntax rules.