Logging on using ACF2 Passphrase Using a TPX ACL

book

Article ID: 130680

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC

Issue/Introduction

While testing the use of PASSPHRASE running into a problem.
'Invalid Password'  displayed when using a TPX ACL to log on to TSO.
Parameter for IKJTSO is set to PASSPHRASE(ON) in the LOGON section of SYS1.PARMLIB.

Cause

Missing single quotes around passphrase.

Environment

Release:
Component: ACF2MS

Resolution

CA ACF2 stores a user’s password phrase in the User PWPHRASE Profile record in an encrypted format. Although you cannot display another user’s password phrase, you can use the following logonid record fields to control password phrases:

PWPALLOW PSWD-DAT PWP-VIO    For descriptions of these fields, see the Logonid Record Field Descriptions section.

A logonid and password or password phrase may be used to authenticate a user to a system. If both the password and password phrase are indicated, the password phrase will be used and the password will be ignored. The PWP-VIO field is incremented by one for every password phrase violation incurred within the same date. Any password phrase violations incurred after the current value in PSWD-DAT will cause the PWP-VIO count to be reset to 1 and the PSWD-DAT field will be updated to reflect the current date. The only time the PWP-VIO field is physically set to zero (0) is when the CA ACF2 security administrator resets the field or the CLEARVIO option in the GSO PSWD record is being used.

You can use the GSO PWPHRASE record to apply tighter controls over password phrases.


TSO requires quotes to be entered with the passphrase.

Additional Information

For detailed explanation see :Manage password phrases 
For more information, see :
Password Phrase (PWPHRASE)