Can the GSO PSWD restrictions be overridden in the ACF2 NEWPXIT? I have a few special LOGONIDs that I want to be able to override the global settings.

Document ID : KB000025684
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:  

 

Can the GSO PSWD restrictions be overridden in the ACF2 NEWPXIT? I have a few special LOGONIDs that I want to be able to override the global settings.

Answer:  

The NEWPXIT can interrogate a password and pass a return indicating whether the password is valid or invalid.

Once the exit has decided that the password is acceptable, it will then be validated against the global PSWD restrictions.

The ACF2 GSO NEWPXIT cannot override any of the GSO PSWD restrictions. The GSO PSWD restrictions are GLOBAL setting that apply to all users.

The following are the ACF2 GSO PSWD restrictions that can be enforced when a LOGONID's password is changed at system entry time or from the ACF CHANGE or INSERT commands.

MINPSWD(1 | n)
Specifies the minimum number of characters required in a new password.
PSWDALPH | NOPSWDALPH
Specifies whether CA-ACF2 for z/OS requires at least one alphabetic (a-z or A-Z) character to be present in a new password.
PSWDLC | NOPSWDLC
Specifies whether CA-ACF2 for z/OS requires at least one lowercase (a-z) character in a new password.
PSWDLID | NOPSWDLID
Specifies whether CA-ACF2 for z/OS will check if a new password matches the logonid.
PSWDMIXD | NOPSWDMIXD
Specifies passwords are case sensitive.
PSWDNAME(0,n)
Specifies whether CA-ACF2 will check if a new password contains part of a user's name for the number of characters (n) specified.
PSWDNMIC | NOPSWDNMIC
Specifies that CA-ACF2 for z/OS requires at least one numeric (0-9) character in a new password.
PSWDNUM | NOPSWDNUM
Specifies whether CA-ACF2 for z/OS will check if a new password is all numeric.
PSWDPAIR()
Specifies the number of consecutively repeated characters allowed to be in a password.
PSWDPLID | NOPSWDPLID
Specifies whether CA-ACF2 for z/OS will check for a logonid anywhere within a new password.
PSWDPLST()
Specifies the CA-ACF2 for z/OS will allow new password to contain non-alphanumeric characters in addition to default password characters, which are alphanumeric (a-z, A-Z, 0-9) and national (@ # $).
PSWDRSV | NOPSWDRSV
Specifies whether users can enter new passwords that being with a reserved word prefix.
PSWDSIM(0 | n)
Specifies whether password similarity checking is to be performed. Password similarity checking is done whenever a new password is entered and n is greater than zero.
PSWDSPLT | NOPSWDSPLT
Specifies whether a password contains a national or a user-defined
character.
PSWDUC | NOPSWDUC
Specifies whether CA-ACF2 for z/OS requires at least one uppercase (A-Z) character in a new password.
PSWDVOWL | NOPSWDVOWL
Specifies whether CA-ACF2 for z/OS will validate if a new password can specify vowel (A, E, I, O, U, a, e, i, o, u) characters.

New Password Exit (NEWPXIT) This exit gains control when a new password is supplied at system entry time and when the PASSWORD field is specified through the ACF CHANGE or INSERT subcommands.

Additional Information: 

Details on the GSO NEWPXIT can be found in the "Chapter 7: User Exits" of the CA ACF2 for z/OS System Programmer Guide.
Details on the GSO PSWD record can be found in the "Chapter 14: Maintaining Global System Options Records" of the CA ACF2 for z/OS Administrator Guide.