Can Password History be Cleared

Document ID : KB000107108
Last Modified Date : 19/07/2018
Show Technical Document Details
Question:
 In order to reduce the elapsed and cpu time of job TSSXTEND with AES256ENCRYPT on a SECFILE containing many acids, is it possible to remove the history of old passwords in the SECFILE ?  
Answer:
There is no easy way to remove the password history. If you changed the PWHIST to 0, then it would stop saving passwords and each interval one would be dropped from the history; but that would take quite a long time. Any other options/scenarios are also very time consuming. There is no way to issue a command or run a job that would delete the password history. Any type of zap would have to be done for each individual acid and the address space for each acid's password history would have to be found first; hence, it would be quite an administrative project. All that being said your best bet is to create a new secfile, and create a new backup file. Take a back up of your current secfile pointing to the new backup file. Now you can run TSSXTEND from the new backup file into a new secfile and continue to use your current secfile and backup. When TSSXTEND is done you can come up on the new file and then run forward recovery to bring the new secfile up to date on any changes that occurred while you were running TSSXTEND into the new file.