On Fri, 22 Mar 2013 18:26:38 -0500, Walt Farrell wrote: >On Fri, 22 Mar 2013 15:18:48 -0400, Tony Harminc wrote: > >>In the long term, of course, RACF will surely change to allow phrases >>to be as short as anyone likes, subject only to installation control, >>and passwords to be optional, and then we'll have by a very long and >>roundabout route what everyone wanted in the first place: z/OS support >>for long passwords. > Amen.
>I sincerely doubt RACF will ever allow passwords shorter than 9. They are too >weak, unless the site has a new password phrase exit to apply some rules >regarding allowable character content. > Today RACF allows passwords of 8, perhaps even less. Are you anticipating that an incompatible change will be made? >It probably will someday allow a z/OS user to have a password phrase but no >password. RACF on z/VM already allows that, and did from the beginning of its >password phrase support if I remember correctly. > This whole discussion baffles me. Why were passwords and password phrases introduced as two separate concepts, rather than simply increasing the maximum length of passwords and relaxing the syntax to allow blanks and minuscules? That should have been relatively easy since no control control block stores the password persistently -- that's a basic security requirement. There should be a SAF interface to supply and verify long paswords, and for compatibility the current distinct short password interface, caveat user that if he chooses to define a long password he will ipso facto be excluded from any facilities that implement only the short password interface. -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
