-----Kevin Kettner wrote: -----

>Does anyone know if IBM is ever going to expand the character set
>accepted for TSM passwords? I was hoping that would happen in TSM
>6.3,
>but apparently it still has the same password rules as it has for as
>long as I can remember:
>
>http://pic.dhe.ibm.com/infocenter/tsminfo/v6r3/topic/com.ibm.itsm.cli
>ent.doc/r_opt_password.html
>
>> A--Z
>>     Any letter, A through Z, uppercase or lowercase
>> 0--9
>>     Any number, 0 through 9
>> +
>>     Plus
>> .
>>     Period
>> _
>>     Underscore
>> -
>>     Hyphen
>> &
>>     Ampersand
>>
>
>The password policy at our university is this:
>
>  * Are at least eight alphanumeric characters long
>  * Contain at least three of the following four categories:
>      o upper case characters (e.g., A-Z)
>      o lower case characters (e.g., a-z)
>      o Digits (e.g., 0-9)
>      o Special characters ( e.g., !@#$%^&*()_+|~-=\`{}[]:";'<>?,./)
>
>TSM doesn't meet that standard and it seems a little silly as that
>seems
>to be the industry standard for secure passwords.
>
>And yes, I am aware that special characters do not actually improve
>password security that much, but...
>
>http://xkcd.com/936/

In what sense does TSM fail to meet the university standard? TSM will
not force compliance with the standard, but a larger character set
for TSM passwords would not change that. As far as I can see, TSM
already allows compliance with the standard. TSM passwords can be
considerably more than 8 characters long, and can in fact contain
characters drawn from three of the four categories: upper case letters,
digits, and some of the listed special characters. I don't think
TSM passwords can in any real sense contain lower case letters,
since lower case letters are converted to upper case when a
password is entered.

Thomas Denier
Thomas Jefferson University Hospital