What entry points are called in the Top Secret Installation Exit (TSSINTSX) in a CPF (Command Propagation Facility) environment when a user changes the password at logon time? 

With CPF active, there are two things to consider:
   1) What's happening on the local node (where the password is initialy changed)
   2) What's happening on the remote node(s).

On the local node, entry points PASSWORD CHANGE and SECURITY FILE CHANGE are called. 

On the remote nodes, entry points COMMAND VALIDATION and SECURITY FILE CHANGE are called.

For more information about Top Secret CPF (Command Propagation Facility), see Command Propagation Facility.

For more information about the Top Secret TSSINSTX, see Extending Security Through Site Security Exits.