LID not taking NOPWP-EXP after a password change


Article ID: 259313


Updated On:

Products

ACF2 - z/OS

Issue/Introduction

In this Techdoc, the documented default of the PWP-EXP field is NOPWP-EXP:

PWP-EXP|NOPWP-EXP
Indicates a password phrase has been manually expired (forced to expire). This field can be set by a security
administrator to force the user to change their password phrase.

The default is NOPWP-EXP, not forced to expire.

 

When a security administrator changes a user's password phrase, ACF2 sets PWP-EXP by default, which is the opposite of what the documentation states. Why does this happen?

Environment

Release : 16.0

Resolution

The NOPWP-EXP default applies only when users change their own password phrase, not when someone else changes it for them. When a security administrator changes a user's password phrase, ACF2 checks the PSWDFRC field from the GSO records. If PSWDFRC is set, ACF2 sets the PWP-EXP field in the PWPHRASE profile record:

PSWDFRC|NOPSWDFRC

Specifies whether a user is forced to change the password or password phrase at the next logon. The force occurs if someone other than the user changes the password or password phrase, such as a security administrator or account manager. When PSWDFRC is defined, ACF2 sets the PWP-EXP field in the PWPHRASE profile record, which forces the user to change their password phrase at next logon. NOPSWDALT and PSWDFRC conflict and you should not use them together. If you set PSWDFRC, ACF2 uses the PSWDALT option.

Default: PSWDFRC

 

This field can be verified by issuing the ACF2 subcommand SHOW PSWDOPTS.

Additional Information

Techdoc: Password Maintenance and Support (PSWD)