SETR PASSWORD RULE The SETROPTS PASSWORD RULE suboperand does not apply to password phrase. Figure 2-20 shows use of the SETROPTS PASSWORD RULE command. PASSWORD PROCESSING OPTIONS: NO INSTALLATION PASSWORD SYNTAX RULES ARE PRESENT. Figure 2-20 SETROPTS PASSWORD RULE 2.7 Password phrase auditing Auditing of password phrase changes is performed if the USER class is being audited, regardless of the LOGOPTIONS setting, as shown in Figure 2-21. SETR LIST AUDIT CLASSES = USER Figure 2-21 Auditing password phrase changes 2.8 Protected user IDs and password phrase Protected user IDs cannot have assigned a password phrase, and cannot be revoked due to incorrect password phrase attempts or used to enter the system in ways that require a password phrase. To protect user IDs, you need to issue the ALTUSER command with the NOPASSWORD and NOPHRASE operands, as shown in Figure 2-22. ALU TEST1 NOPASSWORD NOPHRASE USER=TEST1 NAME=UNKNOWN OWNER=SYS1 DEFAULT-GROUP=SYS1 PASSDATE=N/A ATTRIBUTES=PROTECTED CREATED=06.186 PASS-INTERVAL=N/A PHRASEDATE=N/A Figure 2-22 ALTUSER syntax command to PROTECTED user ID. 2.9 Providing the ability to reset password phrases You can allow a general user to reset user ID's password phrases using the ALTUSER command. To provide this ability, general users need to have authority in the IRR.PASSWORD.RESET resource profile in the FACILITY class. Chapter 2. Password phrase 17