CA TPX Session Management for z/OS

Expand all | Collapse all

CA SOLVE Access Session Management PASSPHRASE support

  • 1.  CA SOLVE Access Session Management PASSPHRASE support

    Posted 10-23-2014 06:51 PM

    Hi,

     

    PASSPHRASE support was added to EASINET last year by fixes - TZ58279, TZ58280, TZ58281


    I am interested in whether customers are using PASSPHRASE for their critical (and other) applications.


    Please join this discussion and share your PASSPHRASE plans. I am interested in the following:

    1. Is PASSPHRASE used or going to be used for access to 'everything' or just critical applications?
    2. Are you aiming for, or supporting a mixed password environment? That is, you support 8 character passwords and PASSPHRASE and leave it to the user to decide?
    3. What have been your main problems implementing PASSPHRASE support at your premises?
    4. Are you planning for, or have you implemented other security enhancements around mainframe passwords?
    5. How has PASSPHRASE been received by your SOLVE Access and application users?

     

    Thanks,

     

    Trevor Jones

    Product Manager for CA SOLVE Access Session Management



  • 2.  Re: CA SOLVE Access Session Management PASSPHRASE support

    Posted 02-26-2015 04:51 AM

    Hi Trevor

     

    we plan to using PASSPHRASE for privileged user (e.g Systemprogammers), that means we like to use a mixed password environment.

    The plan is that if a user has a PASSPHRASE he can only logon with PASSPHRASE. All other will use password or passticket.

     

    At the moment I just implemt it on our development system and therefore I can't share any expirience jet.

     

    Best regards

    René Hagmann



  • 3.  Re: CA SOLVE Access Session Management PASSPHRASE support

    Posted 02-27-2015 07:08 AM

    After implementation on our development system I discovered that PASSPHRASE are only used to do a verification if it is valid. After that the logon is done by PASSTICKET.

     

    Is that correct?

     

    On a mixed password environment could this become a problem since IBM treat password and PASSTICKET the same way.

        

    I would appreciate if you could confirm that my assumption is correct.