search cancel

Handling of userids without password after added Passphrase support to CA XCOM

book

Article ID: 8656

calendar_today

Updated On:

Products

XCOM Data Transport XCOM Data Transport - z/OS

Issue/Introduction

CA XCOM added support for PASSPHRASE’s earlier this year with fix RO94308 ENHANCEMENT: SUPPORT FOR PASSPHRASE SECURITY By supporting PASSPHRASE up to 100 characters in length, user identification can be more secure due to having authentication codes that are more difficult to compromise.

This exposed a problem with the use of credentials or userids without a PASSWORD defined, causing the transfers to fail with various error messages and symptoms. Here are some of those messages:

   XCOMM0464E PASSWORD MISSING. REQUIRED FOR SAF PROCESSING

   XCOMM0466E LPASS REQUIRED WHEN LUSER IS SPECIFIED

   IRR013I VERIFICATION FAILED. INVALID PASSWORD GIVEN.

   *ACF01006 A PASSWORD IS NOT ALLOWED FOR LOGONID

   *ACF01007 A PASSWORD IS REQUIRED FOR LOGONID

 

Environment

XCOM r12, ACF2

Resolution

Fixes:

RO97661 USERIDS WITHOUT PASSWORDS NOT HANDLED CORRECTLY was written to address the problems with userid’s without passwords not being handled correctly.

RO98396 AFTER APPLYING RO97661, lpass sysin01 parameter is ignored to address the LPASS parameter from being ignored.

The fixes addressed the problems described, but in the process of addressing the problem it was determined that if using ACF2 for your security you may encounter transfer failures with message “ACF01006 A PASSWORD IS NOT ALLOWED FOR LOGONID” or “ACF01007 A PASSWORD IS REQUIRED FOR LOGONID.”

The reason for the transfer failure is due to having defined the userid in ACF2 with the RESTRICT attribute. In this case the user initiated a transfer to z/OS and specified a password in their configuration for a userid that was defined with the RESTRICT attribute. To address that failure you will need to review ACF2 Knowledge Document Batch jobs are failing with ACF01007 PASSWORD REQUIRED. How can this be corrected?
 and/or contact ACF2 support for details on the attribute.

To address the transfer failure you may:

1) Remove the PASSWORD specifications for USERIDs which are defined as RESTRICTED to ACF2. (This may also require that the restricted USERIDs have access to the resource as outlined in ACF2 Batch jobs are failing with ACF01007 PASSWORD REQUIRED.

2) The USERIDs could be modified to remove the RESTRICTED attribute, and PASSWORDs generated and updated accordingly. Note that with this option, the passwords can be set not to expire.