PSPwdMgr - How to determine which word list is in effect and what words it contains? (NETIQKB71983)

  • 7771983
  • 23-Dec-2009
  • 29-Mar-2012

Environment

Password Manager
PSPwdMgr
NetIQ Security Solutions for iSeries 8.1

Situation

PwdMgr - How to determine which word list is in effect and what words it contains?

Resolution

According to the PSPasswordManager User Guide, ?The Word Inventory is a User Index. By default, the product is shipped with a Master Inventory already built from members ENGLISH and NAMES of the file PMTXF with all options for a word list specified. Numeric suffixes are built for 1 and 2 only. Dates and PIN numbers are not included. The ALL3 list is then added to the inventory with only the double-up option specified. Adding the same word twice does not result in extra entries in the inventory.?

From the Work with Word Lists screen, press F2 (Show Count). The number of words in the Master Word Inventory is shown. However, there is no way to determine which Word Lists comprise the User Index.

To recreate the user index with the word lists of your choice:

Run command DLTUSRIDX PSSECURE/PMWRDLST
On the Work with Word Lists screen, press F2 (Show Count). This will recreate the user index with zero entries.
On the Work with Word Lists screen, position cursor in the input field for ?Word list member?, press F4 (list). Select the word list of your choice using option 1 (=Select).
On the Work with Word Lists screen, specify the options for generating the word list entries, such as *YES for ?Add numeric suffix to words? (Range 1 to 2) and so on. Press Enter to start updating the user index.
Repeat steps 3 and 4 for additional word lists to add to the user index.

Note on options for generating user index entries from the word lists. If *YES is specified for ?Reverse word?, then the word list has effectively doubled in size ? PSPasswordManager will check all the words in the dictionary forward and backward. Thus, if a user?s password is ANOZIRA (ARIZONA spelled backwards) and ?Reverse word? is *NO, then the password will not be identified as weak, but if ?Reverse word? is *YES then it will be identified as a weak password.

The process that updates the user index reads the selected word list member and for each word it produces any selected variations. The word and its variations are then encrypted using the same algorithm that OS/400 uses to encrypt passwords. 

The ENGLISH word list (with numeric suffixes for 1 and 2 only, dates and PIN numbers not included) yields 422,351 entries. After adding the ALL3 word list, user index (ENGLISH + ALL3) has 537,160 entries. The resulting size of PSSECURE/PMWRDLST *USRIDX is 17,829,888 bytes.

To edit the shipped word lists to add or delete words, on the Work with Word Lists screen, position cursor in the input field for ?Word list member?, press F4 (list). Select the word list of your choice using option 2 (=Edit with SEU). You may position cursor in the input field at the top of screen and press F1 for help with SEU or call NETIQ Tech support and we will help you.

The product was not designed to allow for switching between word lists but rather to build a single word list. If there is a need to switch between pre-built word lists, one should rename the user index and build another one comprised of different word lists. When the need arises to switch word lists, simply rename them as necessary. After renaming, you may have to signoff and on again to access the current PMWRDLST user index.

Additional Information

Formerly known as NETIQKB71983