The VERIFY PASSWORD returns the same values of:
EIBRESP (= NOTAUTH), EIBRESP2 (= 19), ESMRESP (= 28). and ESMREASON (zeroes)
If the user's id is suspended or does not have the right FACILITY.
Also, the CA Top Secret r14 manuals do not have seem to have a list of what values would be returned in ESMRESP and ESMREASON.
The questions are:
Is it possible to differentiate between these conditions (using VERIFY PASSWORD)?
Is there a current list of ESMRESP and ESNREASON codes?
There are no other RESP2 code other than the ones documented in IBM documentation:
2 The supplied password is wrong.
3 A new password is required.
19 The USERID is revoked.
Because of this, no distinction can be made.
CA Top Secret is passing back a return code x'1C' to IBM. The CA Top Secret Detailed Reason Code (DRC) will indicate the reason of the failure.
The DRC is not a concept that CICS is aware of, and is unique to CA Top Secret. To determine the specific details of the signon failure a TSSUTIL report or a CA Top Secret SECTRACE would reveal the exact cause of the failure. CICS knows nothing about the concept of a CA Top Secret FACILITY...
With CICS 3.2, the verify password process has changed.
Per IBM CICS documentation:
Your application programs must always check the EIBRESP and EIBRESP2 values returned by the EXEC CICS VERIFY PASSWORD command and not rely on the ESMRESPand ESMREASON codes.