Does PASSWORD need to be specified during ACF2 logonid creation when PWPONLY (passphrase only) is specified on the logonid?
Release : 16.0
Component : ACF2 for z/OS
Whether or not PASSWORD needs to be specified when creating an ACF2 logonid depends on a setting in the GSO PSWD record:
Specifies whether a password is required for all logonids, except STC and RESTRICT logonids when a logonid is inserted or a change command is issued for a logonid to remove the STC or RESTRICT privilege. When PSWDREQ is set, logonids that are inserted or changed (to remove STC or RESTRICT), the password field is checked for a valid value.
If PSWDREQ is set and a LOGONID is being inserted without a password or a CHANGE is done to remove STC or RESTRICT without a password, the following message is issued:
ACF02037 KEYWORD PASSWORD IS REQUIRED
With PSWDREQ on, a logonid record will not be able to be INSERTed without a password even if PWPONLY is set. This is because even if PWPONLY is set, SECURITY ids can still log on with a password and sites may also wish for granularity by having some ids specify PWPORPWD. In either case, making a password associated with the logonid mandatory even if they are not using it (or allowed to use it) keeps the id secure.