
What PTFs are needed for ACF2 PSWD encryption for AES 256?


Article ID: 187589


Products

ACF2, ACF2 - DB2 Option, ACF2 - z/OS, ACF2 - MISC

Issue/Introduction

PTFs are needed for ACF2 PSWD encryption with AES2 (AES 256) and to address performance issues.

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

The PTFs published for PSWD encryption to AES 256 include:

SO01064, SO01559 and SO01560 added the following improvements:

The use of PSWDENCT(AES2) in the GSO PSWD record incurs more processing overhead at Signon than other encryption methods. This APAR/PTF addresses two different issues.

1. If NOONEPWALG is set in the GSO PSWD record, multiple password encryption formats are kept internally. In an effort to improve performance with NOONEPWALG in effect, the current setting of the GSO PSWD PSWDENCT will be used for password validation at Signon, enabling a site to regress to AES1 or XDES if the AES2 validations are too expensive to tolerate.

2. Improve throughput for a full password validation signon by reducing Database I/O and ENQUEUEs to the ACF2 LOGONIDS Database. If NOSTATS is set on the MUSASS address space LOGONID, or BYPSTATS is set on the GSO OPTS record, the ACF2 SYSPLEX Coupling Facility will be referenced for the LOGONID record rather than the LOGONIDS database during signon processing.

SO03889, SO04781, SO05420 and SO06277 added the following improvements:


1. Added an internal password cache, using AES256 encryption, to alleviate the performance issues seen when AES256 is used for passwords.

 
Recommended PTFs for AES2 Password Encryption:
SO07365 - For CICS
SO06277
SO05420
SO04781
SO04776 - For base ACF2
SO03889
SO01560 - For base ACF2
SO01559 - For base ACF2
SO01064 - For base ACF2
SO10255
SO15033 - For base ACF2
SO16044
RO95192 - MINDAYS not enforced with AES2
RO97779
RO97780