HELPLIB.HLB  —  SET  PASSWORD
    Changes a password or system password. Also, can establish a
    secondary password or system password, or remove a secondary
    password.

    A user password can contain up to 32 alphanumeric and special
    characters. Unless your system manager has set the PWDMIX flag
    in your authorization account record, the only special characters
    permitted are the dollar sign ($)  and underscore (_). Without
    the PWDMIX authorization, all lowercase characters are converted
    to uppercase before the password is encrypted. For example,
    "eagle" is the same as "EAGLE."

    If you have PWDMIX authorization, you can specify uppercase and
    lowercase alphabetic characters, and you can use any special
    characters in the printable character set. However, avoid using
    characters that have special significance for layered products
    that accept passwords. For example, a double quotation mark (")
    would be unacceptable in a password in a DECnet access control
    string.

    See the qualifier descriptions for restrictions.

    Format

      SET PASSWORD

1  –  Qualifiers

1.1    /ALGORITHM

       /ALGORITHM=keyword

    Selects a specific password generation algorithm.

    The valid keywords for this qualifier are ALPHABETIC and
    MIXED_CHARACTER. These keywords are mutually exclusive and cannot
    be negated. The /ALGORITHM qualifier requires the /GENERATE qualifier.

    Keyword             Explanation

    ALPHABETIC          Selects the alphabetic password generator. (Formerly
                        the only password generator)

    MIXED_CHARACTER     Selects the mixed-character password generator.
                        Mixed-character passwords are valid only for users
                        with the PwdMix flag set in their user authorization
                        records.

1.2    /GENERATE

       /GENERATE[=value]

    Generates a list of five random passwords. Press Return to repeat
    the procedure until a suitable password appears.

    There are two password generators, an alphabetic generator and a
    mixed-case generator. The alphabetic generator attempts to produce
    English-like non-words. The mixed-case generator produces passwords
    containing upper case, lower case, numbers and non-white-space symbols.
    The mixed-case generator makes no attempt to produce memorable or
    easy-to-pronounce passwords.

    Accounts without the PwdMix flag set will use the alphabetic generator
    by default and those with the PwdMix flag set will use the mixed-
    case generator by default.  To select a specific generator, use
    the /ALGORITHM qualifier.

    Value is a number from 1 to 32 that restricts the length of the
    password. For any value n, the SET PASSWORD command generates
    alphabetic passwords of from n to (n+2) characters long. As a
    consequence, values of 30, 31 or 32 are treated as 30 and thus it
    is possible that a request for a 31 or 32-character generated
    password may result in some passwords shorter than requested.

    The mixed-case generator always generates passwords of the
    requested length.

    If your system manager has established a minimum password length
    for your account, SET PASSWORD/GENERATE=n compares that length
    with the optional value specified with the /GENERATE qualifier,
    and uses the larger of the two values. If you do not specify a
    value with the /GENERATE qualifier, the account minimum length is
    used.

                                   NOTE

       If the SET PASSWORD/GENERATE command fails to work properly,
       consult your system manager to be sure that either the file
       SYS$LIBRARY:VMS$PASSWORD_DICTIONARY.DATA exists, or the
       logical name VMS$PASSWORD_DICTIONARY is correctly defined.

1.3    /SECONDARY

    Creates or allows you to replace a secondary password. The
    procedure is the same as setting your primary password.

    Once a secondary password has been established, you will receive
    two PASSWORD: prompts when logging in. The primary password
    should be typed in first, followed by the secondary password.

    Secondary passwords make it possible to set up an account that
    requires two different people to access it. Each person knows one
    of the two passwords, and both passwords are required to log in
    successfully.

    To remove your secondary password, press Return when SET
    PASSWORD/SECONDARY prompts you for a new password and
    verification. After you do this, you will receive a single
    PASSWORD: prompt when logging in. If you remove the secondary
    password, your system manager must restore it.

    The /SECONDARY and /SYSTEM qualifiers are incompatible.

1.4    /SYSTEM

    Requires the SECURITY privilege.

    Changes the system password rather than a user password.

    A system password can be from 0 to 32 alphanumeric characters.
    The dollar sign ($)  and underscore (_) are also permitted.
    Uppercase and lowercase characters are equivalent. All lowercase
    characters are converted to uppercase before the password is
    encrypted.

    A system password is valid only for the node it is set on. In an
    OpenVMS Cluster, each node can have a different system password.

    If a terminal line has the system password (SYSPWD)
    characteristic set, no terminal prompts are sent to that terminal
    until the system password is entered.

    The /SYSTEM and /SECONDARY qualifiers are incompatible. For more
    information about the use of system passwords, see the VSI OpenVMS
    Guide to System Security.

2  –  Example

  $ SET PASSWORD
  Old password: HONCHO
  New password: BIG_ENCHILADA
  Verification: BIG_ENCHILADA

      In response to the SET PASSWORD command, the system first
      prompts for the old password and then for the new password. The
      system then prompts again for the new password to verify it.
      The password changes if the user is authorized to change this
      account's password, if the old password is given correctly, and
      if the new password is given identically twice; otherwise, an
      error message appears and the password remains unchanged.

      In a real session, neither the old password nor the new
      password and its verification appear on the screen or paper.
Close Help