home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!stanford.edu!lll-winken!elroy.jpl.nasa.gov!usc!sol.ctr.columbia.edu!destroyer!gatech!paladin.american.edu!auvm!UA1VM.UA.EDU!BHUNTER
- From: BHUNTER@UA1VM.UA.EDU (Bill Hunter)
- Newsgroups: bit.listserv.ibm-main
- Subject: Re: Addr: RACF/VM
- Message-ID: <IBM-MAIN%92101610461704@UA1VM.UA.EDU>
- Date: 16 Oct 92 15:36:33 GMT
- Sender: IBM Mainframe Discussion list <IBM-MAIN@RICEVM1.BITNET>
- Lines: 23
- Comments: Gated by NETNEWS@AUVM.AMERICAN.EDU
- In-Reply-To: Message of Fri,
- 16 Oct 1992 09:12:00 CST from <CCFXKPD@UCHIMVS1.UCHICAGO.EDU>
-
- On Fri, 16 Oct 1992 09:12:00 CST Kriss Davis said:
- >I agree that theoritically having the users change their passwords
- >at initial log on and at intervals is a good idea. However,
- >there are way too many users of systems that changing their
- >passwords just adds another thing they have to know how to
- >do that they are not called upon to do frequently enough to
- >remember how to do.
- >
- >Also, the rules about password construction (if there are
- >any like no duplicate letters, must be at least X chars. long, etc.)
- >are usually poorly or not documented. So when a user goes to
- >change passwords, they try several, none are the right configuration,
- >and then the USERID gets locked and must be unlocked and reset.
- >Seecurity packages rarely put out informative messages telling the
- >user why a certain password is not acceptable.
- >
-
- Doesn't your site test software that affects all users before it goes
- into "production"???
-
- If the rules for passwords are poorly documented why don't you or your
- staff figure out what the rules are and educate your users before you
- thrust upon them a new security system that requires password changing?????
-