Resetting MASTER SCA Acid Password In Top Secret
search cancel

Resetting MASTER SCA Acid Password In Top Secret

book

Article ID: 12257

calendar_today

Updated On:

Products

Top Secret Top Secret - LDAP

Issue/Introduction

Is MASTER SCA password connected/dependent in any way to the customer encryption key that is specified in control statements on TSSFAR job in KEY=?

How is the password reset executed? Can any SCA issue the password reset command?

Can those who know the password logon to TSO with MASTER SCA ACID?

Environment

z/OS

Resolution

The encryption key is used to encrypt the records stored in the security files. The passwords are encrypted depending on your CA Top Secret option AESENC. 
If you want to implement AES 256 you must apply RO86945 with RO88796 RO91603 RO91447 and to run TSSMAINS with the related AES 256 option AES256ENCRYPT. 

To set a new password for the MSCA (using ADDTO or REPLACE), an SCA must have UPDATE access to entity TSSCMD.USER.cmd.MSCAPW in the CASECAUT resource class, 
where cmd is the command being issued. 

This authority is required even if the administrator already has ACID(MAINTAIN) or MISC8(PWMAINT) authority.

Additional Information

For more details about password reset, click the link below:

https://techdocs.broadcom.com/us/en/ca-mainframe-software/security/ca-top-secret-for-z-os/16-0/administrating/creating-security-administrators/restricted-administrative-authorities-casecaut-resource-class.html