This article documents how to display all logonids that do not have a password in ACF2.

ACF2 updates a TOD field based on encryption level when a password is set or changed. With three encryption methods there are three fields, PSWD-TOD, PSWA1TOD, and PSWA2TOD. If these fields are zeroed out, it indicates that a password was never set. It is recommended to filter out STC and RESTRICT users as those user types naturally do not have a password.

There are two different ways that users can be listed. Either use the TSO ACF LIST command or the ACFRPTSL report.

Example TSO ACF LIST command:

LIST UID(-) IF(PSWD-TOD EQ D'00/00/00' AND PSWA1TOD EQ D'00/00/00' AND PSWA2TOD EQ D'00/00/00' AND NORESTRICT AND NOSTC) 

Example ACFRPTSL report:

//REPORT  EXEC PGM=ACFRPTSL      
//SYSPRINT DD SYSOUT=*           
//SYSIN    DD *                  
 TITLE(ACF2 SL REPORT)           
 REPORT(SHORT)                   
 INPUT(ACF2)                     
 IF(PSWD-TOD EQ D'00/00/00' AND PSWA1TOD EQ D'00/00/00' AND -
 PSWA2TOD EQ D'00/00/00' AND NOSTC AND NORESTRICT)      

Either way will display all logonids that have never had a password set and are not STC nor RESTRICT users.