On Tuesday, 10/09/2007 at 12:26 EDT, "Huegel, Thomas" <[EMAIL PROTECTED]> 
wrote:
> There already is the RPWLIST DATA file; perhaps a minor change that would
> allow a new password other than NOLOG be selected when a match was found,
> i.e. another field in the RPWLIST DATA file with the new password when the
> match was found.

RPWLIST contains a static list of passwords.  You can't effectively 
enforce modern password policies with a static list of passwords if you 
have rules like:
- The password may not be a subset or superset of the userid.  That is, 
for user ALTMARK, the password may not be A, AL, ALT, ALTM, ALTMA, ALTMAR, 
ALTMARK, or ALTMARK followed by any character.
- The above enforced with obvious 4/A, I/1, O/0, 3/E, or other 
"l33t"-speak substitutions.
- The password must be at least 6 characters.
- The password must contain at least one non-alphabetic character that may 
not be in the first or last character.
- The password cannot contain the names of the system programmers' wives, 
husbands, girlfriends, boyfriends, friends, acquaintances, offspring, 
ancestors, or pets, nor the birth dates of any of these, nor the name of 
any common vegetable or fruit.

Unless, of course, you pre-process the directory before each DIRECTXA to 
generate the world's largest RPWLIST.  I think after you do that the first 
time, you won't be inclined to do it again.

I've pontificated on System Management software on numerous occasions, so 
I can't let this opportunity pass me by!  It doesn't just automate stuff, 
but it provides a central management "touch point" from which you can 
enforce and monitor policy, whether it's user id management, content 
provisioning, security, or performance.

Alan Altmark
z/VM Development
IBM Endicott
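As an added illustration of the point made above (this is example code, not anything from z/VM, RPWLIST, or the poster), the checker below implements the listed rules procedurally: the userid subset/superset test with the "l33t" substitutions undone, the minimum length, the interior non-alphabetic character, and a blocklist of words. The LEET mapping and the BLOCKLIST contents are constructed assumptions standing in for the relatives, pets and vegetables mentioned in the post; the point is that every rule is a function of the userid and candidate password, which a static list cannot enumerate.

```python
# Added example: a rule-based password policy checker of the kind the post
# argues a static password list cannot express. Not z/VM code; the
# substitution table and the sample blocklist are constructed for illustration.
from typing import Iterable, List

# Constructed stand-in for "names of relatives, pets, vegetables and fruit".
BLOCKLIST = {"carrot", "fido", "mary"}

# Common "l33t" substitutions, mapped back to the letters they imitate
# (the 4/A, 1/I, 0/O, 3/E pairs from the post plus two assumed extras).
LEET = str.maketrans({"4": "a", "1": "i", "0": "o", "3": "e", "@": "a", "$": "s"})


def normalize(s: str) -> str:
    """Lower-case and undo l33t substitutions so 4LTM4RK compares equal to altmark."""
    return s.lower().translate(LEET)


def check_password(userid: str, password: str,
                   blocklist: Iterable[str] = BLOCKLIST) -> List[str]:
    """Return the list of violated rules; an empty list means the password passes."""
    violations = []
    uid = normalize(userid)
    pw = normalize(password)

    # Rules 1 and 2: the password may not be a prefix of the userid (A, AL, ALT, ...)
    # nor the userid followed by anything, judged after undoing substitutions.
    if uid.startswith(pw) or pw.startswith(uid):
        violations.append("password is a subset or superset of the userid")

    # Rule 3: minimum length of 6 characters.
    if len(password) < 6:
        violations.append("password shorter than 6 characters")

    # Rule 4: at least one non-alphabetic character that is neither first nor last.
    interior = password[1:-1]
    if not any(not c.isalpha() for c in interior):
        violations.append("no non-alphabetic character in an interior position")

    # Rule 5: blocklisted words may not appear anywhere, substitutions undone.
    for word in blocklist:
        if normalize(word) in pw:
            violations.append("contains blocklisted word %r" % word)
            break
    return violations


if __name__ == "__main__":
    for uid, pw in [("ALTMARK", "4LTM4RK"), ("ALTMARK", "Zq7#kp9Lw"), ("JDOE", "c4rr0t!x")]:
        print(uid, pw, check_password(uid, pw) or "ok")
```

Running the block as a script prints the verdict for three constructed userid/password pairs; the same function can be called from a directory pre-processing step so that the policy is evaluated on demand rather than expanded into a list.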
