(zos)Password sensitivity using a local operating system registry
Allow for a larger number of password combinations benefits WebSphere Application Security. Passwords restricted to 8 characters have limits on how secure they can be. Hacking attempts often are successful with 8 character passwords. WebSphere Application Server expands the possible combinations beyond the 8 character password by providing the ability to additionally use a password phrase from 9 to 100 characters long. The password phrase gives you an exponentially larger number of combinations for securing any given user ID to an application.
z/OS Version 1.9 RACF
In z/OS Version 1.9, RACF allows us to use password phrases in securing a user ID to an application. Password phrase support for WebSphere Application Server provides infrastructure changes that you (or other applications) can exploit to facilitate authentication information across environments and applications.
A password phrase can be from 9 to 100 characters in length and provide a far greater number of possible combinations of characters and numbers than do passwords. A password phrase is a character string made up of mixed-case letters, numbers, and special characters. A user ID can have both a password and a password phrase associated with it. The user ID uses the password for existing applications that accept an eight-character password and the password phrase for those applications that are sensitive to the longer character string.
To also use mixed-case password phrases, or password phrases that have trailing blank spaces, use the RACF mixed case password option and enable it using the SETROPTS PASSWORD(MIXEDCASE) RACF command. See Password case sensitivity using a local operating system registry for more information about mixed case passwords.
Remember: After initializing the use of RACF mixed case passwords, you MUST restart the WAS.
To use password phrases in WebSphere Application Server, you must comply with all of the following requirements:
- Use z/OS Version 1.9 or higher
- Use the local operating system registry as the active registry
- Use the System Authorization Facility (SAF) as the authorization provider.
- Install the WAS Fix Pack 6.1.0.15 or later.
- To specify a password phrase that is between 9 and 13 characters, inclusive, then you must also install the ICHPWX11 RACF exit routine.
Important: All of these requirements must be met; otherwise, WebSphere Application Server password phrases are not recognized and do not take effect.
For more information about password phrases in z/OS Version 1.9, see Z/OS V1R9.0 Security Server RACF Security Administrator's Guide. This guide is available under "Security Server and Integrated Security Services. Within the guide, see section 3.4.14.
Related concepts
Local operating system registries
Related tasks
Select a registry or repository
Related information:
Z/OS V1R9.0 Security Server RACF Security Administrator's Guide