OMVS segment changes propagated using CPF from Top Secret to ACF2?
search cancel

OMVS segment changes propagated using CPF from Top Secret to ACF2?


Article ID: 263334


Updated On:


ACF2 - z/OS


How can CPF be enabled to propagate communication between Top Secret and ACF2, so that any OMVS segment entries from TSOA gets CPF'd into an  ACF2 environment(TSOB)? 

Currently in the environment, CPF PASSWORD records coming from a Top Secret Lpar(TSOA) can successfully  propagated into the ACF2 lpar(TSOB) but not the other way(ACF2 into TSS).



Release : 16.0


From ACF2 documentation section: 'ACF2 CPF Processing':

Using the TARGET Parameter
If both Command Propagation and Extended Password Synchronization are active, the entire command is propagated to the ACF2 nodes specified, and any password related changes are propagated to the Top Secret nodes specified.

CPF to Top Secret Nodes
ACF2 supports the propagation of system entry password and password phrase changes to and from Top Secret nodes when Password Synchronization is active. It is only necessary to add a NODEDEF with TSSNODE specified for the Top Secret node and add the node name to the DFTPSW field in the CPF OPTIONS record.
Administrative password changes and other password related field changes using the ACF CHANGE subcommand or ACALT change requests are also eligible for propagation to Top Secret nodes when Extended Password Sync is active. A valid NODEDEF with TSSNODE specified may be added to the DFTPSW node list or may be specified in the TARGET parameter of an ACF2 subcommand or the ACATARG field of the ACALT parameter list. Only CHANGE subcommands are inspected for password related fields (PASSWORD, PWPHRASE, PSWD-VIO, PSWD-EXP, PWP-VIO, PWP-EXP, KERB-VIO and SUSPEND). If any masking parameters are found, the request is not propagated to Top Secret nodes.