
(ZOS) Password sensitivity using a local operating system registry

Allowing for a larger number of password combinations benefits WebSphere Application Security. Passwords restricted to 8 characters are limited in how secure they can be, and hacking attempts against 8-character passwords are often successful. WAS expands the possible combinations beyond the 8-character password by also accepting a password phrase from 9 to 100 characters long. The password phrase gives you an exponentially larger number of combinations for securing any given user ID to an application.


z/OS Version 1.9 RACF

In z/OS Version 1.9, RACF allows us to use password phrases in securing a user ID to an application. Password phrase support for WAS provides infrastructure changes that you (or other applications) can exploit to facilitate authentication information across environments and applications.

A password phrase can be from 9 to 100 characters in length and provides a far greater number of possible combinations of characters and numbers than a password does. A password phrase is a character string made up of mixed-case letters, numbers, and special characters. A user ID can have both a password and a password phrase associated with it. The user ID uses the password for existing applications that accept an eight-character password and the password phrase for those applications that are sensitive to the longer character string.

While password phrases inherently support the use of mixed-case characters, traditional 8-character passwords do not. To allow mixed-case characters in traditional passwords, use the RACF mixed case password option and enable it using the SETROPTS PASSWORD(MIXEDCASE) RACF command. See Password case sensitivity using a local operating system registry for more information about mixed case passwords.

Remember: After initializing the use of RACF mixed case passwords, you MUST restart WAS.

To use password phrases in WAS, we must comply with all of the following requirements:

  1. Use z/OS Version 1.9 or higher

  2. Use the local operating system registry as your active registry

  3. Use the System Authorization Facility (SAF) as your authorization provider.

  4. Install the WAS Fix Pack 6.1.0.15 or later.

  5. To specify a password phrase that is between 9 and 13 characters, inclusive, we must also install the ICHPWX11 RACF exit routine.

Important: All of these requirements must be met; otherwise, WAS password phrases are not recognized and do not take effect.
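The requirements above can be checked before rollout. The following is an added example, not IBM or WAS code: the `Cell` record, its field names, and the values `"localos"` and `"saf"` are assumptions made for illustration. It compares version levels numerically, because a plain string comparison would rank 6.1.0.9 above 6.1.0.15 and z/OS 1.10 below 1.9.

```python
from dataclasses import dataclass

MIN_ZOS = (1, 9)              # page: z/OS Version 1.9 or higher
MIN_WAS = (6, 1, 0, 15)       # page: Fix Pack 6.1.0.15 or later

def level(text):
    """'6.1.0.9' -> (6, 1, 0, 9), so levels compare numerically, not as strings."""
    return tuple(int(part) for part in text.strip().split("."))

@dataclass
class Cell:                   # hypothetical inventory record; field names are assumptions
    zos: str
    was: str
    registry: str             # "localos" when the local OS registry is active
    authz: str                # "saf" when SAF is the authorization provider
    ichpwx11: bool            # True when the ICHPWX11 exit routine is installed

def kind(secret):
    """Classify by length only, using the limits stated on the page."""
    if not 1 <= len(secret) <= 100:
        raise ValueError("length must be 1 to 100 characters")
    return "password" if len(secret) <= 8 else "phrase"

def blockers(cell, secret):
    """Unmet phrase requirements for this secret; empty means nothing blocks it."""
    if kind(secret) == "password":
        return []             # passwords of up to 8 characters do not need phrase support
    unmet = []
    if level(cell.zos) < MIN_ZOS:
        unmet.append("zos")
    if cell.registry != "localos":
        unmet.append("registry")
    if cell.authz != "saf":
        unmet.append("saf")
    if level(cell.was) < MIN_WAS:
        unmet.append("fixpack")
    if 9 <= len(secret) <= 13 and not cell.ichpwx11:
        unmet.append("ichpwx11")   # short phrases also need the exit routine
    return unmet

if __name__ == "__main__":
    # Constructed sample: back-level fix pack, no exit, 11-character phrase.
    cell = Cell(zos="1.10", was="6.1.0.9", registry="localos", authz="saf", ichpwx11=False)
    print(blockers(cell, "x" * 11))
```
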

For more information about password phrases in z/OS Version 1.9, see Z/OS V1R9.0 Security Server RACF Security Administrator's Guide. This guide is available under "Security Server and Integrated Security Services". Within the guide, see section 3.4.14.


Related:

  • Local operating system registries
  • Select a registry or repository
  • Z/OS V1R9.0 Security Server RACF Security Administrator's Guide