ADSM-L

Re: [ADSM-L] Strong TSM Passwords?

2012-07-24 11:19:08
From: Kevin Kettner <kkettner AT DOIT.WISC DOT EDU>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Tue, 24 Jul 2012 10:12:21 -0500
You are correct, I guess it can minimally satisfy the requirement.

TSM supports 41 characters of the standard 94 allowed characters.

I am in agreement that TSM passwords can be very secure, especially
since we allow 5 wrong password attempts before the account is locked.
In reality, a 4 character password with only numbers would be hard to
crack since a hacker could only test 5 of 1000 possible combinations
before they were locked out.




On 7/24/2012 9:25, Thomas Denier wrote:
-----Kevin Kettner wrote: -----

Does anyone know if IBM is ever going to expand the character set
accepted for TSM passwords? I was hoping that would happen in TSM 6.3,
but apparently it still has the same password rules as it has for as
long as I can remember:

http://pic.dhe.ibm.com/infocenter/tsminfo/v6r3/topic/com.ibm.itsm.client.doc/r_opt_password.html

A--Z
     Any letter, A through Z, uppercase or lowercase
0--9
     Any number, 0 through 9
+
     Plus
.
     Period
_
     Underscore
-
     Hyphen
&
     Ampersand

The password policy at our university is this:

  * Are at least eight alphanumeric characters long
  * Contain at least three of the following four categories:
      o upper case characters (e.g., A-Z)
      o lower case characters (e.g., a-z)
      o Digits (e.g., 0-9)
      o Special characters ( e.g., !@#$%^&*()_+|~-=\`{}[]:";'<>?,./)

TSM doesn't meet that standard and it seems a little silly as that seems
to be the industry standard for secure passwords.

And yes, I am aware that special characters do not actually improve
password security that much, but...

http://xkcd.com/936/

In what sense does TSM fail to meet the university standard? TSM will
not force compliance with the standard, but a larger character set
for TSM passwords would not change that. As far as I can see, TSM
already allows compliance with the standard. TSM passwords can be
considerably more than 8 characters long, and can in fact contain
characters drawn from three of the four categories: upper case letters,
digits, and some of the listed special characters. I don't think
TSM passwords can in any real sense contain lower case letters,
since lower case letters are converted to upper case when a
password is entered.

Thomas Denier
Thomas Jefferson University Hospital
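
An added example, not part of the original thread and not IBM code: a Python check of a candidate password against the TSM character set and the university policy quoted above, plus the keyspace difference between a 41-symbol and a 94-symbol alphabet. The upper-case folding is an assumption taken from the reply in the thread, and all function names and sample passwords are constructed for illustration.

```python
import math
import string

# Character set from the TSM 6.3 password rules quoted in the thread.
TSM_ALLOWED = set(string.ascii_uppercase + string.digits + "+._-&")
# Special characters listed in the university policy quoted in the thread.
POLICY_SPECIALS = set("!@#$%^&*()_+|~-=\\`{}[]:\";'<>?,./")
MIN_LENGTH, MIN_CATEGORIES = 8, 3


def categories(text):
    """Return the policy categories present in text."""
    found = set()
    for ch in text:
        if ch in string.ascii_uppercase:
            found.add("upper")
        elif ch in string.ascii_lowercase:
            found.add("lower")
        elif ch in string.digits:
            found.add("digit")
        elif ch in POLICY_SPECIALS:
            found.add("special")
    return found


def evaluate(password):
    """Judge a password as typed and as stored after case folding."""
    stored = password.upper()  # assumption from the thread: lower case is folded
    rejected = sorted({ch for ch in stored if ch not in TSM_ALLOWED})
    stored_cats = categories(stored)
    return {
        "stored": stored,
        "rejected": rejected,
        "typed_categories": sorted(categories(password)),
        "stored_categories": sorted(stored_cats),
        "meets_policy": (not rejected and len(stored) >= MIN_LENGTH
                         and len(stored_cats) >= MIN_CATEGORIES),
    }


def entropy_bits(alphabet_size, length):
    """Bits of entropy of a uniformly random password of the given length."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for sample in ("BackupNode2012", "Backup.Node-2012", "Tsm#Node2012"):
        print(sample, evaluate(sample))
    print(round(entropy_bits(41, 8), 1), round(entropy_bits(94, 8), 1))
```

A password such as `BackupNode2012` shows three categories as typed but only two once folded, so under this assumption one of the accepted special characters is needed to reach three.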