Passphrase activation requires changes in TPX and also in the ESM.
This document covers steps needed to implement passphrase for TPX, in an ACF2 Environment.
Steps needed to activate passphrase in ACF2 is not covered here. See ACF2 - Manage Password Phrases
Release: 5.4
Component TPX for Z/Os
NOTE: Turning on Password Phrase support inside ACF2 or MVS is beyond the scope of this document and is not covered.
TPX Setup of Password Phrase in an ACF2 Environment
This document outlines what needs to be done to configure TPX, to allow a site to process Password Phrase signons when running with ACF2 security. Turning on Password Phrase support in ACF2 or MVS is beyond the scope of this document and is not covered.
After applying PTFs and APARs for TPX Password Phrase implementation in an ACF2 environment a site will need to:
NOTE: Before making the SMRT changes to implement Password Phrase, we recommend backing up the production ADMIN1 and ADMIN2 files and/or the SMRT configuration within TPXADMIN.
Password Phrase Related TPX 5.4 PTFs
Sites should consider installing all the following Password Phrase maintenance under TPX 5.4:
Sites using German Panels should also apply:
ACF2 sites must apply Password Phrase ACF2 APAR RO38461
CA ACF2 R15 (Z/OS) and CA ACF2 R14 (Z/OS) sites must apply ACF2 APAR RO38461 before attempting to use the TPX Password Phrase interface.
Update the ACF2 SAMT Table with Password Phrase Messages
ACF2 sites have to add the new SAMT messages for ACF2 messages related to Password Phrases.
Use sample job ACF2PWPH (from the CB0VJCL file) to install ACF2 SAMT entries into the ADMIN1 VSAM file:
//INSTPWPH JOB (ACCT-INFO),'INSTALL PANELS',CLASS=A,REGION=0M //* //*=================================================================== //* = //* INSTALL SAMT MSGS NEEDED FOR ACF2 PASSWORD PHRASE SUPPORT = //* = //* THIS JCL IS USED TO INSTALL THE SECURITY ACTION MESSAGES = //* REQUIRED TO SUCCESSFULY USE PASSWORD PHRASES WITH ACF2. = //* = //*=================================================================== //* BEFORE SUBMITTING: = //* = //* 1. SUPPLY AN APPROPRIATE JOB CARD FOR THIS JOB. = //* 2. MODIFY THE SUBSTITUTION PARMS TO MEET YOUR = //* SITES REQUIREMENTS ON THE "UNLOAD" PROC. = //* = //*=================================================================== //* = //UNLOAD PROC IPREFIX='TPX.TPX54', HLQ OF DIST LIBRARIES // VPREFIX='TPX' HLQ OF VSAM FILES //IDCAMS1 EXEC PGM=IDCAMS //SYSPRINT DD SYSOUT=* //AMSDUMP DD SYSOUT=* //DATVIN DD DISP=SHR,DSN=&IPREFIX..CB0VDATV(ACF2PWPH) //ADM1OUT DD DISP=SHR,DSN=&VPREFIX...ADMIN1 // PEND //XUNLOAD EXEC UNLOAD //IDCAMS.SYSIN DD * REPRO INFILE(DATVIN) OUTFILE(ADM1OUT) /*
Here are the new ACF2 SAMT table entries introduced with the Password Phrase APARs and/or PTFs:
Return Code/ Cursor Suppress Substitute
Message ID Action Position Message Message IDs
Return Code/ Cursor Suppress Substitute Message ID Action Position Message Message IDs #0000159 R SNPSWDV N #0000220 R SNPSWDV N #0001005 R SNPSWDV N #0001108 P SNNPSWDV N #0001142 R SNPSWDV N #0001044 R SNPSWDV N #0001163 R SNPSWDV N
Here are the new ACF2 Messages which are to be added to the ACF2 SAMT table:
SMRT Related configuration changes for Password Phrase signons
<Please see attached file for image>
<Please see attached file for image>
<Please see attached file for image>
A TPX site administrator should set the Default LOGO parameter to TEN1003 when they need to allow password phrase signon attempts:
<Please see attached file for image>
A TPX site administrator may customize their local TEN1003 Signon Panel. Sites should customize the TEN1003 panel in another local library (non-SMPE TPX library) so that TPX maintenance doesn't accidently overwrite changes made by the local site. (For example, a site wants to put their company name on their version of the TPX TEN1003 panel.)
Many variables on the TEN1003 panel affect how the panel functions and what is displayed. Password Phrase/New Password Phrase variables allow 100 byte character fields. Each Phrase field is broken into two 50 byte fields.
The TEN1003 sign-on panel contains five specific signon related variables:
The sites must be careful when modifying fields on the TEN1003 panel. Variables having to do with password phrase fields can contain up to 50 characters. Any time either the SNPSWDV or SNNPSWDV fields are entered with less than nine characters causes the user to have a traditional password signon attempt. A Password Phrases signon attempt occurs when the password phrase is entered with a length between 9 and 100 characters in length.
A sample TEN1003 signon panel:
<Please see attached file for image>
For more information on the TEN0003 and TEN1003 signon Panels, see the Password Verification section in Programming Guide: TPX Programming/Modifying panels/Password Verification.