Karl Severson <[EMAIL PROTECTED]> writes: > The government has proclaimed new password requirements which are: > at least eight characters in length, alphanumeric (at least one of > which should be a capital letter) and special characters. I have the > latest VM:Manager release (2.8, I think). I can't find this anywhere > in the documentation CD that came with this release but will the > latest VM:Secure force users to these above password requirements or > do I have to write a "front end" script to be legal? There's a file > on VM:Secure's 191 disk called PASSEXIT EXEC which does some of this > (pw length and reuse control) on our current release (2.5A) and I > figure this is the EXEC which will need to be modified to do the new > stuff if it's even possible.
some topic drift from recent thread in ibm-main http://www.garlic.com/`lynn/2005r.html#25 PCI audit compliance and some rules from long ago and far away http://www.garlic.com/~lynn/2001d.html#51 OT Re: A beautiful morning in AFM. http://www.garlic.com/~lynn/2001d.html#52 OT Re: A beautiful morning in AFM. there has been a recent side thread ... that most of the password rules 1) make it hard for you to remember and 2) reduce the brute force domain space .... aka rules reduce the total number of possible passowrd combinations that would have to be checked by a brute force attack. in fact, the above april 1st reference somewhat highlights this by requiring an 8-character password ... but observing that with all the rules ... there is only a single valid character combination that satisfies all possible rules. and, of course, lots of collected postings on general characteristics of shared-secret authentication mechanisms http://www.garlic.com/~lynn/subpubkey.html#secret and other collected postings on general subject of 3-factor authentication http://www.garlic.com/~lynn/subpubkey.html#3factor -- Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
