1. truncate the AD password to 8 characters on the mainframe 2. use passphrases instead of passwords.
Option 2 is not really viable because not all applications which use RACF to validate the userid are capable of using passphrases. So option 1 is the only thing that I can think of. Well option 0 would be to restrict Windows passwords to be compatable with RACF passwords, having a max of 8 characters. I don't know if you can set a maximum length for Windows passwords. But even if you can, I'd almost bet that some auditor will start their weeping and wailing and gnashing of teeth about how insecure this is. So I'd use option 3: eliminate Windows. <grin> -- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * john.mck...@healthmarkets.com * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM > -----Original Message----- > From: IBM Mainframe Discussion List > [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Bill Johnson > Sent: Monday, April 04, 2011 9:24 AM > To: IBM-MAIN@bama.ua.edu > Subject: Mainframe passwords synced to active directory. > > We are trying to sync up (and expand) our mainframe passwords > to match what the > user has in active directory. So far so good. The problem is > when the AD > password is longer than 8 characters. Anyone shed some light > as to how this can > be handled? > > TIA > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html > > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html