We are trying to implement mixed case password support, have turned on (in GSO PSWD record) PSWDMIXD, PSWDLC, PSWDUC, and have refreshed GSO. It still does not work. What is missing? What else is needed?


Article ID: 52850


Updated On:


CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC CA PanApt CA PanAudit



There are several things that come into play to support mixed case (or lower case) passwords.

The CA ACF2 GSO PSWD record must specify PSWDMIXD. Additional options like PSWDLC and/or PSWDUC can enforce site requirements to include at least one lower case or upper case character. After making any GSO PSWD record changes, you must refresh the GSO PSWD record by issuing: F ACF2,REFRESH(PSWD)

The @CFDE for the PASSWORD field, in the ACFCFDE member of the CA ACF2 provided CAIMAC library, must specify STATUS=LOWERCSE to allow lower case passwords. This was introduced with release 6.5 of CA ACF2.


Verify that the CA ACF2 GSO PSWD record specifies PSWDMIXD by issuing SHOW STATE and review the password options in effect.

It is common for sites to have site defined updates for the PASSWORD field in their ACFFDR customization USERMOD (UM99901). Sites need to ensure that when they update any CA ACF2 provided logonid record field (specified in the CAIMAC library member ACFCFDE) that they do not inadvertently omit any new parameters introduced with new releases.

For example, the pre release 6.5 @CFDE entry for the PASSWORD field (in member ACFFDE) had:

              FLAGS=NEVER,PRTN=5,VRTN1=05,PROMPT=YES,          TS77317X
              CBPROC=YES                                       TS77317 

The release 6.5 version has:

              FLAGS=NEVER,PRTN=5,VRTN1=05,PROMPT=YES,          TS77317X
              CBPROC=YES,STATUS=LOWERCSE                       TA4699G 

And release 12.0 version has:

              FLAGS=NEVER+SPECIAL,PRTN=5,VRTN1=05,             TA7122HX
              PROMPT=YES,CBPROC=YES,STATUS=LOWERCSE            TA7122H 

Make sure that your site defined changes to the PASSWORD field (if any) retains the STATUS=LOWERCSE parameter. This can be verified by reviewing the assembly listing after applying USERMOD UM99901. If this parameter was omitted, then you cannot use lower case passwords.


Component: ACF2MS