User issues "VMSECURE MAINT PASSWORD" but violates a password length rule on the first try. They correct their error, but on the 2nd try the date check (we don't allow changing password 2 times the same day) fails because the NPASS EXEC is fed the current date as if the failed change actually worked.
User console:
11:36:10 VMXMAI0372R Select and enter a new password for your userid :
11:36:18 VMXMAI0373R Please enter the same new password once again :
11:36:24 VMXMAI0383I From exit: Rejected: Minimum password length is 15 characters.
11:36:24 VMXMAI0372R Select and enter a new password for your userid :
11:36:42 VMXMAI0373R Please enter the same new password once again :
11:36:53 VMXMAI0383I From exit: Rejected: The password has already been changed today.
VMSECURE CONSOLE with DEBUG flag on NPASS EXEC:
invokee = AAAAAA
newpw = LN:ZVN09FABGQ
oldpw = XO0;!UPAC7G<*7I$
olddate = 18/09/10
pw.1 = ME13pt@$tryit
pw.2 = 032=JV9B:--W!LJ
pw.3 = 032=JV9B:--W!LJ
Password not at least 15 characters
PASSWORD UserExit is NPASS
invokee = AAAAAA
newpw = LN:ZVN09A063J<RCA3%2J%
oldpw = XO0;!UPAC7G<*7I$
olddate = 18/09/12
pw.1 = ME13pt@$thisshouldwork
pw.2 = 032=JV9B:--W!LJ
pw.3 = 032=JV9B:--W!LJ
Password changed once today already
PASSWORD UserExit is NPASS
NPASS uses your sample 'nextToken()' to fetch the args. The exec's date check is just "If olddate = date('ordered')" but as you can see from the VMSECURE console the last changed date is updated to today even though they change failed.
Also, if the user aborts and tries again, and doesn't make any mistakes then the change is accepted. This is because the "*PW=yy/mm/dd" is still unchanged.