MULTIPW Attribute Required For Mixed Case Passwords?

Document ID : KB000054016
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:

In the NEWPW control option, sub option MC, in the Control Options Guide, there is a note:

Note: Applications that are unable to accept mixed case passwords capitalize mixed case input. Do not use mixed case passwords unless in a MULTIPW facility.

Is the MULTIPW attribute required for mixed case passwords?

Answer:

The reason the reference to MULTIPW is in the Control Options Guide under the NEWPW(MC) control option is to inform clients that if not all of their applications support mixed case passwords, the only way to use mixed case passwords without impacting the ACID(s) is to use multiple passwords. For example, let's say application A supports mixed case passwords and application B does not. (In other words, application B upper cases the password entered before passing it to CA Top Secret.) If mixed case passwords are activated and the user has a password with lower case characters, the user will be able to signon to application A with that password, but application B will upper case the password before passing it to CA Top Secret, so the password sent to us will not match the actual password and the signon will be denied with an invalid password violation.

Instead of having to wait until application B supports mixed case passwords, the user can be given a mixed case password for application A using MULTIPW and for all other applications, the user can use an upper case password.
To give an acid MULTIPW, use:

TSS ADD(acid) FAC(facility) PASSWORD(pswd[,[interval][,EXP]]) MULTIPW

where
'acid' is the user's acid
'facility' is the facility associated with application A
'pswd' is the mixed case password
and optionally, a password interval can be given (or default taken) and the password can be set to expire which will force the user to change it at next signon.

After this command, the user will have to use the mixed case password when signing on to application A but the other password when signing on anywhere else.

NOTES:
Just doing TSS ADD(acid) FAC(facility) will use the acid's current password.

MULTIPW can NOT be used on a profile acid.

Additional Information:

Please see the CA Top Secret Command Functions Guide for more information on the TSS ADD command and the MULTIPW attribute.