MULTIPW With The NEWPW(MC) CA Top Secret Control Option.

Document ID : KB000054086
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

In the CA Top Secret Control Options Guide, there is a reference to MULTIPW facility on the MC operand for NEWPW.

What is the method to confirm, if MULTIPW facility is in use? And what is the impact of any potential changes made, if not currently in use?

Solution:

To determine, if MULTIPW is in use, run TSSAUDIT with PRIVILEGES SHORT. In the 10th column there will be 'MPW':

  • If the acid has MULTIPW

  • Or a '-' if the acid does not have MULTIPW.

Sample JCL for TSSAUDIT can be found in member TSSAUDIT in the CA Top Secret SAMPJCL library.

The reason the reference to MULTIPW is in the Control Options Guide under the NEWPW(MC) control option is that not all of the current applications running support mixed case passwords. The only way to use mixed case passwords without impacting the ACID(s) is to use multiple passwords.

For example, let's say application A supports mixed case passwords and application B does not. (In other words, application B upper cases the password entered before passing it to CA Top Secret.)

If mixed case passwords are activated and the user has a password with lower case characters:

  • The user will be able to signon to application A with that password.

  • But application B will upper case the password before passing it to CA Top Secret. The password sent to CA Top Secret will not match the actual password and the signon will be denied with an invalid password violation.

Instead of having to wait until application B supports mixed case passwords, the user can be given a mixed case password for application A using MULTIPW and for all other applications, the user can use an upper case password.

To give an acid MULTIPW, use:

TSS ADD(acid) FAC(facility) PASSWORD(pswd[,[interval][,EXP]])  MULTIPW

where 'acid' is the user's acid.
'facility' is the facility associated with application A
'pswd' is the mixed case password optionally. A password interval can be given (or default taken) the password can be set to expire which will force the user to change it at next signon.

After this command, the user will have to use the mixed case password, when signing on to application A. Use the uppercase password everywhere else.

NOTES:
Just doing TSS ADD(acid) FAC(facility) will use the acid's current password.

MULTIPW can not be used on a PROFILE acid.

Please see the CA Top Secret Report and Tracking Guide for more details about TSSAUDIT.
Please see the CA Top Secret Control Options Guide for more details about MULTIPW.