Is it possible to force a user to use only their Kerberos connection setup in the Top Secret SDT -vs- trying to connect with a password?

Release : 16.0

Component : CA Top Secret for z/OS

There is an attribute called PROTECTED. If a user is given this attribute, the user will lose their password and phrase. Documented at the following link.

Users with the PROTECTED attribute will no longer have the ability to signon with a phrase and password.

They still will be able to signon using other methods that dont require a password or phrase like Kerberos and digital certificates.