The DCDCONTL STC userID requires a DCE segment that contains the encrypted password for DB_CONNECT_PASSWORD used in conjunction with the DB_CONNECT_USERID to authenticate with DB2 when connecting to the DCD Database.  The DCD security configuration jobs define the DB_CONNECT_PASSWORD as non-expiring, is there an alternative approach to define the DB_CONNECT_PASSWORD without being non-expiring?

Release : 3.0

It is possible to define the DB_CONNECT_USERID's DB_CONNECT_PASSWORD without being non-expiring by ensuring the following jobs are run every time the DB_CONNECT_PASSWORD is changed:                                            
The CFEYJCL(FEYDCEKP) specifying the new credentials with the Replace option: 

//DCEKEYSI DD  *                                                       
DCEKEY_DONOR_USERID=DCDCONTL                                           
DB_CONNECT_USERID=DCDADM       =====> default                                        
DB_CONNECT_PASSWORD=CA#DCD   ====> default                                          
*FORCE       /* Uncomment when setting values for first time  */       
*REPLACE     /* Uncomment when replacing an existing CA-DCD dcekey */

You will also want to modify the CFEYCFG(FEYCFG) to modify the DB_CONNECT_PSWD value (for administrative purpose), and ensure the security job is run to alter the DCDADM userID with the new password.

Our recommendation is to set it once (non expiring) to ensure subsequent security failures when DCD tries to connect to its DB2 database don't occur.