TPX has an option in the SMRT : Keep Pswds Encrypted

When specified, TPX will not decrypt passwords before passing them to the signon/signoff exit, TPXUSNSF.

If an unencrypted password is needed by the exit, the ENCRYPT macro can be used to decrypt it.

TPX can be coded to support encryption via an exit. The exit would be compiled as TPXUENDE. This exit gains control at multiple points within the product, processing when the user's password fields need to be either encrypted or decrypted. For example, before calling the signon and signoff exit, this exit is called to first decrypt the user's password fields so they can be referenced in the exit. Upon return, the exit is called to encrypt the password information again.

You can use the product's own security system to manage security. With this security, users determine their own passwords, and the software encrypts and stores them in the ADMIN2 data set.

The Systems Programmer Guide (Chapter 5) provides information on how to code this Encrypt/Decrypt exit and a sample is supplied, if a customer would like to write their own routine.