Rex The sample does not accomplish what you intended. Instead it requires one of the following 3 scenarios to be true:
1. 2 numeric values in an 8 character password, where one of the numerics is in column 1 2. 2 numeric values in an 8 character password, where one of the numerics is in column 2 3. 2 numeric values in an 8 character password, where one of the numerics is in column 3 and so on. Usually the reason for a sample rule .... RULEn( LENGTH(6:8) ALPHANUM(6:8)) ... to be ineffective is that the intent of rule 1 is undone by rule 2 (or 3 or 4..) Example: RULE1( LENGTH(8) ALPHANUM(1:8) ) RULE2( LENGTH(6:7) ) Given the above, 8 character passwords must contain at least 1 numeric and 1 alphanational, but 6 or 7 character passwords have no such restriction. Hayim IBM Mainframe Discussion List <IBM-MAIN@bama.ua.edu> wrote on 2010.04.27 14:49:49: > Rick, > > IF (and that's a big if!) he wants to have the password set to > specifically 8 characters, couldn't he use 8 rules for this: > > SETR PASSWORD( RULE1( LENGTH(8) NUMERIC(1) ALPHANUM(2:8))) > SETR PASSWORD( RULE2( LENGTH(8) NUMERIC(2) ALPHANUM(1,3:8))) > SETR PASSWORD( RULE3( LENGTH(8) NUMERIC(3) ALPHANUM(1:2,4:8))) > > And so on? > > Wouldn't that force a numeric in at least 1 position, but allow for more > than one? I'm not saying I would want to do this, because this also > allows an all-numeric password. > > Rex > > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On > Behalf Of Rick Fochtman > Sent: Tuesday, April 27, 2010 1:24 PM > To: IBM-MAIN@bama.ua.edu > Subject: Re: RACF password rules > > ------------------------------<snip>------------------------------- > > >>>SETR PASSWORD( RULE1( LENGTH(8) ALPHANUM(1:8))) > >>> > >>> > >>As I read it, this sets an 8 char password with an alphanumeric in any > >>of the 8 positions. > >> > >>I'd like to require at least one numeric, but in any position. > >> > >>Can this be done without an exit? > >> > >> > ---------------------------------<unsnip>------------------------------- > ----- > In MY experience, the answer is NO. but a simple TRT in an exit can > verify that a numeric exists. > > Rick > Hayim _____________________________________ Hayim Sokolsky, CISSP Mainframe Security Architect DTCC Corporate Information Security 18301 Bermuda Green Dr, MS 1-CIS Tampa FL 33647-1760 Tel. (813) 470-2177 <BR>_____________________________________________________________ <FONT size=2><BR> DTCC DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify us immediately and delete the email and any attachments from your system. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.</FONT> ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
