On Mon, 7 Nov 2005 15:56:54 -0800 Schuh, Richard said: >Which is good. x15 and x05 might be bad characters to use. I would not be >inclined to use any that would not print or display as a readable >character; and would not allow any that have special meaning, such as @,# and >friends.
Actually I've specifically used # in the past, knowing that it requires the escape character when typed. However, the lack of lower case characters limits VM's ability to play by the rules of many security policies. Last I checked, which has been a while but I've seen nothing in the changes published, even an ESM could not support a lowercase password, since CP was "cleansing" the password prior to giving it to the ESM. And even if you think not allowing x11 is good since it is difficult to type on the keyboard, it also restricts systems from using it for tokens, which reduce the number of available combinations signficantly. CP should just get out of the way, allow 32 character passwords made up of any of 256 characters. Let the ESM handle it. Turn off CHARDEL and LINEDEL in the config file. That leaves only ESCAPE and LINEND as potential problems. With passwords, more (except frequency) is better. Longer and bigger character sets. /ahw >Regards, >Richard Schuh >> -----Original Message----- >> From: VM/ESA and z/VM Discussions [mailto:[EMAIL PROTECTED] >> Behalf Of A. Harry Williams >> Sent: Monday, November 07, 2005 3:45 PM >> To: [email protected] >> Subject: Re: Passwords >> >> >> On Mon, 7 Nov 2005 16:43:07 -0500 Alan Altmark said: >> >On Monday, 11/07/2005 at 12:32 PST, "Schuh, Richard" >> <[EMAIL PROTECTED]> >> >wrote: >> >> What characters are allowed in passwords? Where is it >> documented? I see >> >that >> >> HCPTBL, as documented, has specifications for the userid, >> but see no >> >such >> >> documentation for the content of passwords. >> > >> >There is no restriction on password content as far as CP is >> concerned, >> >though an ESM may choose to implement other rules. >> >> Yes there is. As others have pointed out, x40 is not allowed >> in the middle >> of the 8 character password. Neither is x81. CP does do >> some translating >> before working with the password. There are all sorts of >> characters not >> allowed. >> >> > >> >Alan Altmark >> /ahw >>
