ACF2ACF2 - DB2 OptionACF2 for zVMACF2 - z/OSACF2 - MISC
Issue/Introduction
While testing the use of PASSPHRASE running into a problem. 'Invalid Password' displayed when using a TPX ACL to log on to TSO. Parameter for IKJTSO is set to PASSPHRASE(ON) in the LOGON section of SYS1.PARMLIB.
Environment
Release: Component: ACF2MS
Cause
Missing single quotes around passphrase.
Resolution
CA ACF2 stores a user’s password phrase in the User PWPHRASE Profile record in an encrypted format. Although you cannot display another user’s password phrase, you can use the following logonid record fields to control password phrases:
PWPALLOW PSWD-DAT PWP-VIO For descriptions of these fields, see the Logonid Record Field Descriptions section.
A logonid and password or password phrase may be used to authenticate a user to a system. If both the password and password phrase are indicated, the password phrase will be used and the password will be ignored. The PWP-VIO field is incremented by one for every password phrase violation incurred within the same date. Any password phrase violations incurred after the current value in PSWD-DAT will cause the PWP-VIO count to be reset to 1 and the PSWD-DAT field will be updated to reflect the current date. The only time the PWP-VIO field is physically set to zero (0) is when the CA ACF2 security administrator resets the field or the CLEARVIO option in the GSO PSWD record is being used.
You can use the GSO PWPHRASE record to apply tighter controls over password phrases.
TSO requires quotes to be entered with the passphrase.