Top Secret CPF Configuration for Vaulted Passwords

book

Article ID: 140839

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP

Issue/Introduction

When using a "Vault" application for passwords any password changes from "non-vaulted" lpars cannot be be CPF'd.  CPF'd passwords will fail on vaulted lpars and cause problems with the vault application.  CPFTARGET(LOCAL) is set in the LPAR Control Options and passwords are still propagated.

 

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

CPFTARGET(LOCAL) only controls how administrative commands are propagated.  To stop the delivery of signon password changes and suspensions change the BROADCAST setting for the target node definitions in the NDT.  For example, on CPFSYSID SYST  change the NDT via the following two commands:

TSS REPL(NDT) CPFSYSID(TSST) CPFNODE(TSSP) BROADCAST(NO)  to change the NDT
TSS MODI CPFNODE(TSSP=REFRESH)

This will stop the signon password changes from propagating to the production machine.