On Fri, 22 Mar 2013 23:47:51 -0500, Paul Gilmartin <paulgboul...@aim.com> wrote:
>On Fri, 22 Mar 2013 18:26:38 -0500, Walt Farrell wrote: > >>On Fri, 22 Mar 2013 15:18:48 -0400, Tony Harminc wrote: >> >>>In the long term, of course, RACF will surely change to allow phrases >>>to be as short as anyone likes, subject only to installation control, >>>and passwords to be optional, and then we'll have by a very long and >>>roundabout route what everyone wanted in the first place: z/OS support >>>for long passwords. >> >Amen. > >>I sincerely doubt RACF will ever allow passwords shorter than 9. They are too >>weak, unless the site has a new password phrase exit to apply some rules >>regarding allowable character content. >> >Today RACF allows passwords of 8, perhaps even less. Are you >anticipating that an incompatible change will be made? No; my apologies. I meant it would not allow password phrases shorter than 9. > >>It probably will someday allow a z/OS user to have a password phrase but no >>password. RACF on z/VM already allows that, and did from the beginning of its >>password phrase support if I remember correctly. >> >This whole discussion baffles me. Why were passwords and password phrases >introduced as two separate concepts, rather than simply increasing the maximum >length of passwords and relaxing the syntax to allow blanks and minuscules? > >That should have been relatively easy since no control control block stores the >password persistently -- that's a basic security requirement. It was considered, but the code changes to allow that were more complex than you envision. -- Walt ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN