A SECDBG trace showed - SAF Return Code :Hexadecimal 08 and RACF Return Code: Hexidecimal 10
Here is the IBM Documentation where the return/reason codes are documented ; RACROUTE REQUEST=VERIFY
At least one of the following conditions has occurred:
Release : TPX 5.4
The password for the user was made permanent (NOEXPIRE) the same day they tried to enter a Newpassword. The minimum PW change interval was 1 day. After waiting a day then a Newpassword could be entered.