We are trying to implement mixed case password support, have turned on (in GSO PSWD record) PSWDMIXD, PSWDLC, PSWDUC, and have refreshed GSO. It still does not work. What is missing? What else is needed?

Document ID : KB000052850
Last Modified Date : 14/02/2018
Show Technical Document Details

Description

There are several things that come into play to support mixed case (or lower case) passwords.

The CA ACF2 GSO PSWD record must specify PSWDMIXD. Additional options like PSWDLC and/or PSWDUC can enforce site requirements to include at least one lower case or upper case character. After making any GSO PSWD record changes, you must refresh the GSO PSWD record by issuing: F ACF2,REFRESH(PSWD)

The @CFDE for the PASSWORD field, in the ACFCFDE member of the CA ACF2 provided CAIMAC library, must specify STATUS=LOWERCSE to allow lower case passwords. This was introduced with release 6.5 of CA ACF2.

Solution

Verify that the CA ACF2 GSO PSWD record specifies PSWDMIXD by issuing SHOW STATE and review the password options in effect.

It is common for sites to have site defined updates for the PASSWORD field in their ACFFDR customization USERMOD (UM99901). Sites need to ensure that when they update any CA ACF2 provided logonid record field (specified in the CAIMAC library member ACFCFDE) that they do not inadvertently omit any new parameters introduced with new releases.

For example, the pre release 6.5 @CFDE entry for the PASSWORD field (in member ACFFDE) had:

@CFDE  PASSWORD,LIDNPSWD,CHEN,ALTER=SECURITY+ACCOUNT+USER,     TS77317X
              FLAGS=NEVER,PRTN=5,VRTN1=05,PROMPT=YES,          TS77317X
              CBPROC=YES                                       TS77317 

The release 6.5 version has:

@CFDE  PASSWORD,LIDNPSWD,CHEN,ALTER=SECURITY+ACCOUNT+USER,     TS77317X
              FLAGS=NEVER,PRTN=5,VRTN1=05,PROMPT=YES,          TS77317X
              CBPROC=YES,STATUS=LOWERCSE                       TA4699G 

And release 12.0 version has:

@CFDE  PASSWORD,LIDNPSWD,CHEN,ALTER=SECURITY+ACCOUNT+USER,     TS77317X
              FLAGS=NEVER+SPECIAL,PRTN=5,VRTN1=05,             TA7122HX
              PROMPT=YES,CBPROC=YES,STATUS=LOWERCSE            TA7122H 

Make sure that your site defined changes to the PASSWORD field (if any) retains the STATUS=LOWERCSE parameter. This can be verified by reviewing the assembly listing after applying USERMOD UM99901. If this parameter was omitted, then you cannot use lower case passwords.