Logging on using ACF2 Passphrase Using a TPX ACL
search cancel

Logging on using ACF2 Passphrase Using a TPX ACL


Article ID: 130680


Updated On:


ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC


While testing the use of PASSPHRASE running into a problem.
'Invalid Password'  displayed when using a TPX ACL to log on to TSO.
Parameter for IKJTSO is set to PASSPHRASE(ON) in the LOGON section of SYS1.PARMLIB.


Component: ACF2MS


Missing single quotes around passphrase.


CA ACF2 stores a user’s password phrase in the User PWPHRASE Profile record in an encrypted format. Although you cannot display another user’s password phrase, you can use the following logonid record fields to control password phrases:

PWPALLOW PSWD-DAT PWP-VIO    For descriptions of these fields, see the Logonid Record Field Descriptions section.

A logonid and password or password phrase may be used to authenticate a user to a system. If both the password and password phrase are indicated, the password phrase will be used and the password will be ignored. The PWP-VIO field is incremented by one for every password phrase violation incurred within the same date. Any password phrase violations incurred after the current value in PSWD-DAT will cause the PWP-VIO count to be reset to 1 and the PSWD-DAT field will be updated to reflect the current date. The only time the PWP-VIO field is physically set to zero (0) is when the CA ACF2 security administrator resets the field or the CLEARVIO option in the GSO PSWD record is being used.

You can use the GSO PWPHRASE record to apply tighter controls over password phrases.

TSO requires quotes to be entered with the passphrase.

Additional Information

For detailed explanation see :Manage password phrases 
For more information, see :
Password Phrase (PWPHRASE)