Manage Password Phrases

CA ACF2 contains many features for managing password phrases. The following provides an overview of the password phrase-related logonid record fields and GSO records.
Password Phrase Related Logonid Record Fields
CA ACF2 stores a user’s password phrase in the User PWPHRASE Profile record in an encrypted format. You must memorize your password phrase because CA ACF2 never displays it. Not even a security administrator can display a user’s password phrase. Although you cannot display another user’s password phrase, you can use the following logonid record fields to control password phrases:
  • PWPALLOW
  • PSWD-DAT
  • PWP-VIO
For descriptions of these fields, see the Logonid Record Field Descriptions section.
A logonid and either a password or a password phrase may be used to authenticate a user to a system. If both the password and the password phrase are supplied, the password phrase is used and the password is ignored.
The PWP-VIO field is incremented by one for every password phrase violation that occurs on the same date. A password phrase violation that occurs after the date currently stored in PSWD-DAT resets the PWP-VIO count to 1 and updates PSWD-DAT to the current date. The PWP-VIO field is physically set to zero (0) only when the CA ACF2 security administrator resets the field or when the CLEARVIO option in the GSO PSWD record is in use.
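The following Python model is an added illustration of the PWP-VIO and PSWD-DAT behaviour described above; it is not CA ACF2 code. The class and function names, the event format, and the sample dates are constructed for the example, and it assumes events arrive in date order.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class LogonidFields:
    """Toy model of two logonid record fields (hypothetical, not ACF2 code)."""
    pswd_dat: Optional[date] = None  # PSWD-DAT: date of the counted violations
    pwp_vio: int = 0                 # PWP-VIO: violations counted for that date

    def violation(self, today: date) -> None:
        if self.pswd_dat is not None and today < self.pswd_dat:
            # Assumption: the page does not describe a violation dated
            # before PSWD-DAT, so the model rejects out-of-order events.
            raise ValueError("event is older than PSWD-DAT")
        if self.pswd_dat == today:
            self.pwp_vio += 1        # same date: increment by one
        else:
            self.pwp_vio = 1         # later date: the count restarts at 1
            self.pswd_dat = today    # and PSWD-DAT becomes the current date

    def admin_reset(self) -> None:
        # Security administrator resets the field. The CLEARVIO path is not
        # modelled because the page does not say when it takes effect.
        self.pwp_vio = 0


def replay(events):
    """Apply (kind, iso_date) events; return (PWP-VIO, PSWD-DAT) after each."""
    rec, states = LogonidFields(), []
    for kind, day in events:
        if kind == "violation":
            rec.violation(date.fromisoformat(day))
        elif kind == "admin_reset":
            rec.admin_reset()
        else:
            raise ValueError(f"unknown event kind: {kind}")
        states.append((rec.pwp_vio, rec.pswd_dat and rec.pswd_dat.isoformat()))
    return states


# Constructed sample events, not taken from a real system.
EVENTS = [("violation", "2024-03-01"), ("violation", "2024-03-01"),
          ("violation", "2024-03-01"), ("violation", "2024-03-02"),
          ("admin_reset", None), ("violation", "2024-03-02")]

if __name__ == "__main__":
    for event, state in zip(EVENTS, replay(EVENTS)):
        print(event, "->", state)
```

In the sample run, three violations on the first date leave PWP-VIO at 3, and the first violation on the next date sets it to 1 rather than 4, so the field reflects only the most recent date with violations.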
Password Phrase Related GSO Records
You can use the GSO PWPHRASE record to apply tighter controls over password phrases. For more information, see Password Phrase (PWPHRASE). The following describes some of the options you can specify with fields on the PWPHRASE record:
NOALLOW
Prevents authentication to the system using a password phrase.
ALPHA 
Specifies the minimum number of alphabetic characters required in a new password phrase.
CMD-CHG 
Allows users to modify their own password phrase using the ACF command.
HISTORY 
Specifies the number of previous password phrases to be retained (up to 32).
LID 
Prevents the use of a logonid within a new password phrase.
MINWORD 
Specifies the minimum number of words required in a new password phrase.
NUMERIC
Specifies the minimum number of numeric characters required in a new password phrase.
REPCHAR 
Specifies the maximum number of consecutively repeating characters allowed in a new password phrase.
SPECIAL 
Specifies the number of special characters required in a new password phrase.
SPECLIST 
Allows the use of special user-defined characters in a new password phrase.