TPX does not authenticate a user if the if the userid in ACF2 has the RESTRICT flag.
Restrict is an attribute in the ACF2 logonid record that states the logonid does not have a password.
It is in the ACF2 defined logonid record at Offset x’10’ with a value of x’80’.
I discovered that it is possible to log on to TPX with an ACF2 Restricted userid. That is, one with no password.
Is there an option to prevent a userid with no password from logging on to TPX?
That would be my preferred approach. If not, how should I approach this?
I'd (obviously) prefer not to have to write an exit since that's just one more thing to maintain.
I assume I could set up the userids in question and give them no profile, which would allow a logon, but then no application access. But not allowing logon would be preferable and more in line with normal security practice.