in the z/OS 2.2 RACF Migration, it states:
/Evaluate your use of the ICHDEX01 exit routine
(*) Starting in z/OS V2R2, RACF no longer uses the masking algorithm (a weak form of encryption) by default to authenticate passwords and password phrases when the initial attempt using DES results in failure. To continue the use of masking, which is not recommended, your installation can do so only by using an ICHDEX01 (password authentication) exit routine. If no ICHDEX01 exit routine exists, RACF now uses only DES encryption for authentication.
Will this change in zOS have affect our Top Secret installation?
The CA Top Secret product makes no use of the ICHDEX01 exit routine. We handle all password and passphrase encryption and storing with native code routines. So this change will have no affect on a CA Top Secret installation.