Changing your password

Your user ID identifies you to RACF® and your password verifies your identity. You have to change your password after a certain interval of time to help ensure that it is known only to you. You can change the time interval between required password changes at the time you change your password.

Note: You can also change your password while logging on to the system. This is the most common way of changing your password. See Finding out if you are defined to RACF.

If you have multiple user IDs, you can keep your passwords automatically synchronized on the same system or across multiple systems by defining peer user ID associations with password synchronization enabled between your user IDs. See Synchronizing your passwords and password phrases for additional information. An installation can also maintain the synchronization of user passwords between the same user IDs on different nodes by using automatic password direction. See Automatic password direction for additional information.

RACF has the following rules for passwords:

The length can be 1 to 8 characters.
Valid characters are alphabetic uppercase (A–Z), numeric (0–9), and national (# (X'7B'), @ (X'7C'), and $ (X'5B')). If your installation supports mixed case passwords, alphabetic lowercase characters (a-z) are also accepted in passwords. If your installation does not support mixed case passwords, any lowercase characters that you enter for your password are folded to uppercase. If you don't know whether mixed case passwords are supported, ask your security administrator.

In addition, your installation has password rules. If you do not know the rules, choose a password following the format of your current password. RACF might not allow you to reuse a previous password. Ask your RACF security administrator for an explanation of your installation's rules for passwords.

To change your password, enter the PASSWORD command with the PASSWORD keyword as follows:

PASSWORD PASSWORD(current-password new-password)

For example, if your installation supports mixed case passwords, to change your password from "subject" to "testers", type:

PASSWORD PASSWORD(subject testers)

If your installation does not support mixed case passwords, RACF folds passwords that you enter to uppercase. In that case, the command shown changes your password from "SUBJECT" to "TESTERS".

To change your password interval (that is, the time allowed before you are required to change your password again), enter the PASSWORD command with the INTERVAL keyword as follows:

PASSWORD INTERVAL(interval-you-want)

For example, to change your password interval to 15 days, enter the following command:

PASSWORD INTERVAL(15)

At the end of 15 days, RACF requires you to change your current password.

RACF allows the interval to be in the range of 1 to 254 days. Your installation chooses its own interval in this range. You can change your password interval to a shorter length of time than your installation requires but you cannot specify a longer interval. For example, if your installation has a password interval of 30 days, you can change the interval to any number from 1 to 30 but you cannot change your password interval to 45 days.

If you do not know your current password interval, enter the LISTUSER command and check the PASS-INTERVAL field. For more information, see Understanding the information RACF has about you as a user.

To change your password and password interval, enter the PASSWORD command with the PASSWORD and INTERVAL keywords as follows:

PASSWORD PASSWORD(current-password new-password) INTERVAL(interval)

For example, to change the password from "subject" to "testers", and the interval to 15 days, enter the following command:

PASSWORD PASSWORD(subject testers) INTERVAL(15)