ACF2 GSO NJE Password Encryption. Is NOINHERIT required for ENCRYPT to function?
Article ID: 249119
Updated On:
Products
ACF2 - z/OS
Issue/Introduction
Will ENCRYPT on NJE GSO record only apply when JECL /*PASSWORD or comment //*PASSWORD statement is present - even with inherit?
Environment
Release : 16.0
Component : ACF2 for z/OS
Resolution
When ENCRYPT is specified in the relevant GSO NJE record, any time that a password is specified in the JCL it will be encrypted.
(apart from the exclusion below).
This includes /*PASSWORD //*PASSWORD and PASSWORD= on the jobcard.
NOINHERIT/INHERIT is not relevant to the password encryption process.
ENCRYPT|NOENCRYPT
Specifies that the password provided on jobs that are sent to this node for validation are in a partially encrypted format using the XDES algorithm.
NOENCRYPT specifies that the password is sent in clear-text format.
NOENCRYPT specifies that the password is sent in clear-text format.
Nodes that use no security system or use a security package other than
ACF2, must be sent passwords in clear text format.
When the password is longer than eight characters, it is always encrypted before being sent to the other system.
Note:
Note:
If the job is sent by an /*XMIT statement, ENCRYPT does not apply to any password specified on the second job statement.
In this case, the password is sent in clear text format.
If the job is sent by an /*ROUTE XEQ statement, ENCRYPT cannot be used when attempting to do a password change in the job.
All password changes fail on the remote system.
If the job is sent by an /*ROUTE XEQ statement, ENCRYPT cannot be used when attempting to do a password change in the job.
All password changes fail on the remote system.
Default:
ENCRYPTFeedback
Yes
No
Powered by
