TSS REPLACE password goes through TSSINSTX Command exit point. Changing my own password, it goes through the PREINIT exit point.

book

Article ID: 15919

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP

Issue/Introduction

Why changing a password using TSS REPLACE password, goes through TSSINSTX Command exit point vs the PREINIT exit point?



When I issue a TSS REPLACE PASSWORD command for my own accessor ID, it apparently goes thru the TSS Installation Exit (TSSINSTX) via exit point PREINIT.

When I issue a TSS REPLACE PASSWORD command for an accessor ID other than my own, it apparently goes thru the TSS Installation Exit (TSSINSTX) via exit point COMMAND.

Can you please explain?

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component:

Resolution

A user (non-administrator) that changes their own password is completed with a RACROUTE VERIFYX request since they have no administrative authority, that is why that type of change ends up in the PREINIT exit point.

An administrator changing another user's password continues down the command change path and into the COMMAND exit point.

Assuming you are an administrator, even though you change your own password you should stay in the command path.