Can ACF2 for z/VM and ACF2 for z/OS be configured to synchronize password phrases between z/VM and z/OS?

Document ID : KB000130059
Last Modified Date : 26/03/2019
Show Technical Document Details
Question:
Can ACF2 for z/VM and ACF2 for z/OS be configured to synchronize password phrases between z/VM and z/OS?
Answer:
Password phrase on ACF2 z/VM and ACF2 z/OS can be used with ACF2 z/VM Database Synchronization Component(DSC) and ACF2 z/OS Command Propagation Facility allowing for synchronization of password or password phrases between VM and z/OS systems.

The DSC allows synchronization of CA ACF2 for VM database changes between VM and z/OS systems using CAICCI (and VTAM) as the communications method.

DSC provides the necessary features that keep your CA ACF2 for VM Security for z/OS and CA ACF2 for VM for VM databases synchronized. That is, all updates, inserts, changes, and deletes you make to any CA ACF2 for VM record, from z/OS(CPF) or VM(DSC), are shipped (propagated) to the target
systems.

With ACF2 for z/VM the password phrases are stored in the ACF2 VM PWPHRASE Profile Record similar to the ACF2 for z/OS PWPHRASE Profile Data Records. PASSWORDs for both z/OS and z/VM are stored in the logonid record.

The "SHOW STATE"  command can be issued on both z/OS and z/VM to validate that sites are configured with the same PWPHRASE (Password Phrase) Profile Data Records settings in both environments.

Note that the use of password phrase and database synchronization will
not work if you are using AES2(AES 256 Encryption) on z/OS.