A protected ID that used to work just fine is now getting PHRASEONLY password violations and suspensions.
Specifically, it is now getting these errors in a TSSUTIL report:
*08*-E0 Violation 1
*08*-E0 Violation 2
*08*-E0 Violation 3
*1C*-1B ID suspended
E0 = USER CANNOT SIGN ON WITH A PASSWORD
1B = PASSWORD VIOLATION THRESHOLD EXCEEDED
PHRASEONLY password violations is a signon violation for a user attempting to signon with a 8 character password when PHRASEONLY is set for that user or all users.
PHRASEONLY users can only signon with a password phrase.
With PTF SO14329 applied, Top Secret introduces new functionality that now counts PHRASEONLY password violations and increment the PTHRESH password violation counter which can lead up to the eventual suspension of the acid.
Release : 16.0
Component : CA Top Secret for z/OS
The real issue is that a password is being supplied for a protected ID which does not (or should not) contain a password or phrase.
The resolution is find out where or by whom the password is being supplied and to stop supplying a password for the protected ID.