I am testing R12.0, currently 11.6 in production is working just fine using a modified XCOMRACF and user ids without passwords. This scenario is failing in R12.0 I have applied fix RO97661 and it is still failing. Do I have to define the user ids as TRUSTED even though the fix is on? Should I have to re-assemble XCOMRACF after the fix was applied? What kind of documentation is required to trouble shoot this situation?

XCOMSEC has replaced XCOMRACF, XCOMACF2, XCOMTOPS in XCOM r12 after applying fix RO94308. 

XCOMSEC is very much like the old XCOMRACF, so porting your changes should be easy. You will notice that in XCOMSEC there are 3 different RACROUTE calls, 1 with PASSWORD, 1 with PASSPHRASE, and the other that doesn't check the password/passphrase at all. 

You should be able to modify XCOMSEC to use the one that does not check the password.