z/OS Security Server RACF General User's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Changing your password phrase

z/OS Security Server RACF General User's Guide
SA23-2298-00

Your password phrase is an alternative to your password for verifying your identity. You have to change your password phrase after a certain interval of time to help ensure that it is known only to you. The interval is the same one that determines when you must change your password. You can change the time interval between required password and password phrase changes at the time you change your password phrase.

If you have multiple user IDs, you can keep your password phrases automatically synchronized on the same system or across multiple systems by defining peer user ID associations with password synchronization enabled between your user IDs. See Synchronizing your passwords and password phrases for additional information. An installation can also maintain the synchronization of user password phrases between the same user IDs on different nodes by using automatic password direction. See Automatic password direction for additional information.

RACF® has the following rules for password phrases:
  • The length can be 14 to 100 characters.
    Note: Your installation can choose to allow password phrases as short as 9 characters. Check with your security administrator or system programmer to find out if the lower limit has been implemented.
  • The user ID (as sequential upper case characters or sequential lower case characters) can not be part of the password phrase
  • At least 2 alphabetic characters must be specified (A - Z, a - z)
  • At least 2 non-alphabetic characters must be specified (numerics, punctuation, special characters)
  • Valid characters are:
    • Alphabetic uppercase (A–Z) and lowercase (a-z)
    • Numeric (0–9)
    • National (# (X'7B'), @ (X'7C'), and $ (X'5B'))
    • Punctuation
    • Special
    • Blank
  • No more than 2 consecutive characters can be identical.
RACF might not allow you to reuse a previous password phrase.

Your installation might have additional rules for password phrases. Ask your RACF security administrator whether your installation has additional rules.

To change your password phrase, enter the PASSWORD or PHRASE command with the PHRASE keyword as follows: 
PASSWORD PHRASE ('current-password-phrase' 'new-password-phrase')
or 
PHRASE PHRASE ('current-password-phrase' 'new-password-phrase')
The current and new password phrases must have different values. Note that the password phrases must be entered in quotes. TSO/E does not support entering quoted strings in print inhibit mode; therefore your password phrase will be visible on the display. Take care to ensure that nobody can view your password phrase.
For example, to change your password phrase from "December 27, 1950" to "In 1492 Columbus sailed the ocean blue", type: 
PASSWORD PHRASE ('December 27, 1950' 'In 1492 Columbus sailed the ocean blue')
or 
PHRASE PHRASE ('December 27, 1950' 'In 1492 Columbus sailed the ocean blue')
The password interval (that is, the time allowed before you are required to change your password again) also applies to the password phrase. For a description of how to change the password interval, see Changing your password. You can use either the PASSWORD or PHRASE command. For example, to change your password interval to 15 days, enter either of the following commands: 
PASSWORD INTERVAL(15)
or 
PHRASE INTERVAL(15)
At the end of 15 days, RACF requires you to change your current password phrase.
Parent topic: Changing how you are defined to RACF

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014