Document ID : KB000051821
Last Modified Date : 14/02/2018
Show Technical Document Details


The VERIFY PASSWORD returns the same values of:

EIBRESP (= NOTAUTH), EIBRESP2 (= 19), ESMRESP (= 28). and ESMREASON (zeroes) 

If the user's id is suspended or does not have the right FACILITY.

Also, the CA Top Secret r14 manuals do not have seem to have a list of what values would be returned in ESMRESP and ESMREASON.

The questions are:

Is it possible to differentiate between these conditions (using VERIFY PASSWORD)?

Is there a current list of ESMRESP and ESNREASON codes?


There are no other RESP2 code other than the ones documented in IBM documentation:


RESP2 values:

2 The supplied password is wrong.

3 A new password is required.

19 The USERID is revoked.

Because of this, no distinction can be made.

CA Top Secret is passing back a return code x'1C' to IBM. The CA Top Secret Detailed Reason Code (DRC) will indicate the reason of the failure.

The DRC is not a concept that CICS is aware of, and is unique to CA Top Secret. To determine the specific details of the signon failure a TSSUTIL report or a CA Top Secret SECTRACE would reveal the exact cause of the failure. CICS knows nothing about the concept of a CA Top Secret FACILITY...


With CICS 3.2, the verify password process has changed.

Per IBM CICS documentation:

Your application programs must always check the EIBRESP and EIBRESP2 values returned by the EXEC CICS VERIFY PASSWORD command and not rely on the ESMRESPand ESMREASON codes.