Small bug in password requirements error message
Posted: Tue May 09, 2023 7:25 am
On E9.2-1, one of my user accounts passwords expired, and I received the following error for attempting to set too short of a password as a replacement:
Note the `password length must be between !UB and 64 characters` in the Status.
As an aside, it is worth nothing that password expiration times are no longer considered best practice (e.g. see https://pages.nist.gov/800-63-FAQ/#q-b05). While I am aware that it is possible to remove them using the AUTHORIZE utility, VSI may want to consider removing or extending the default expiration period.
Code: Select all
%%%%%%%%%%% OPCOM 6-MAY-2023 20:23:19.24 %%%%%%%%%%%
Message from user AUDIT$SERVER on VMSX86
Security alarm (SECURITY) and security audit (SECURITY) on VMSX86, system id: 65
534
Auditable event: Local interactive login failure
Event time: 6-MAY-2023 20:23:19.24
PID: 00000413
Process name: SYSTEM
Username: SYSTEM
Process owner: [SYSTEM]
Terminal name: _OPA0:
Image name: VMSX86$DKA0:[SYS0.SYSCOMMON.][SYSEXE]LOGINOUT.EXE
Posix UID: -2
Posix GID: -2 (%XFFFFFFFE)
Status: %SET-E-INVPWDLEN, password length must be between !UB
and 64 characters; password not changed
As an aside, it is worth nothing that password expiration times are no longer considered best practice (e.g. see https://pages.nist.gov/800-63-FAQ/#q-b05). While I am aware that it is possible to remove them using the AUTHORIZE utility, VSI may want to consider removing or extending the default expiration period.