Configuring SSPR parameters

Head of the block of SSPR definitions

Method of access code management for password reset

If the MemorableWords and PIN parameters are set to Disable, you must set the AccessCode parameter to Email.

AllowInactive Enable|Disable

When the product runs on a RACF system, it issues an ALU RESUME command to clear the inactive status of the requested user ID.

The default is Disable.

Determines whether SSPR should resume a revoked user after receiving a valid password reset for the user

The default value is No.

Name of the CA ACF2, RACF, or CA Top Secret custom field that contains the email address of the user

This parameter overrides the value set in the EmailProfile configuration statement. To use this parameter, you must set the AccessCode parameter to Email.

For installations in which email addresses are not already defined in CA ACF2, RACF, or CA Top Secret, users can define their email address by using the SSPR setup process.

Determines whether a reset password should expire

If set to Yes, users must change their passwords again when they log in using a new password.

The default is No.

ExpireUnlock Enable|Disable

Controls the process for unlocking a user ID when its password has expired

If set to Enable, users with an expired password can unlock their user IDs. If set to Disable, SSPR displays an error message when users try to unlock their user IDs.

The default is Disable.

If this parameter is enabled, the started task user ID must have sufficient RACF privileges to issue the ALTUSER command.

HelpText memberName

Member name of the custom text to display in the help panel for SSPR

For more information, see Customizing-SSPR-windows.

IPLockout numberOfSeconds

The amount of time a user is locked out of the system after trying to reset a password

Lockouts can occur after five failed reset attempts or if the user tries to reset multiple passwords at the same time.

Enter the number of seconds that you want the user to be locked out.

If you omit this parameter, the default 900 seconds (15 minutes) is used.

LogoImage memberName

Member name of the custom image to replace the BMC AMI logo.

For more information, see Customizing-SSPR-windows.

LogoImageWidth width

Percentage width of the logo image, which is specified as a value between 0 and 100.
For example, LogoImageWidth 50 sets the logo to be 50 percent of the available width.

The default width is 20 percent.

MaxPassLength 8|length

MinimumPhraseLength 9 | length

Minimum length for password phrases

Define a length from 9 to 98 characters. SSPR validates whether the password phrases meet the required length.

If you omit this parameter, the minimum length is 9 characters.

MinimumWordLength 4 | length

Minimum length for memorable words

The maximum value is 16 characters.

If you omit this parameter, the minimum length is 4 characters.

MixedCase Off | On

Determines whether users can set mixed case passwords

The default value is Off.

Feature with passphrase support activated

Is access to the selected PassPhrase Setup feature available with password or passphrase, or only with a passphrase

To use this parameter:

• You must have selected the PassPhrase Setup feature.
• The user ID must have a phrase defined in RACF.

If set to Yes, users with a passphrase can use or reset their phrase with SSPR only. Users without a phrase defined can continue to use or reset a password. 

If you omit this parameter, the default value No is used.

Does SSPR require a user PIN before progressing with further authorization checks

If MemorableWords and PIN are both set to Disable, AccessCode must be set to Email.

The default value is Enable.

SpecialCharacters Enable|Disable

(SPE2410)

Controls the use of the following special characters in questions or answers: ` ! @ # $ % ^ & * ( ) _ + - = [ ] { } ; ' : " | , . < > / ? ~

If set to Enable, users can use special characters in their questions and answers.

If not defined or set to Disable, SSPR displays an error message indicating that special characters are not allowed.

The default value is Disable.

SystemList name1 name2 name3 …

Name or names of systems on which a user can replicate a password reset request and user ID unlock request

The entered name or names must match the system name defined in the RSS Servers definition.

You must define this parameter for SSPR to display the System list on the BMC AMI Security Self Service Password Reset window.

WindowWidth width

Defines the width of the product window

The default value is 750 pixels.

WriteSMF True|False

Writes SMF records for particular actions

SMF records are written when the following actions are completed:

• Password reset
• User setup
• User unlock
• Temporary password set

You can also use Yes or No for WriteSMF.

If you omit this parameter, the default False or No is used.

The default SMF type used to identify SSPR records is 175, and the subtype is 21. This default is used if no SMFRecordType type parameter is defined in the Global configuration parameters for RSS.

If you choose to define an SMF type for RSS, we recommend that you use any number between 128 and 255 that is available to be collected by SMF.

Terminates the block of SSPR definitions