The return codes issued by CA ACF2 for VM for the SAF interface are similar to those documented in the IBM External Security Interface (RACROUTE) Macro Reference Guide. Two sets of return codes are returned to the caller. These are the SAF return code and the RACF return and reason codes.
The SAF return code is set to a value of 0, 4, or 8. The standard meaning of these codes is:
The requested function was processed and has completed successfully.
The requested function has not been processed.
The requested function was processed and has failed.
If a Logonid Not Found condition, CA ACF2 for VM returns a SAF return code of 8 instead of 4 as documented in the IBM guide referenced in the previous section.
The RACF return and reason codes are more variable and are based on the type of call being processed. The RACF codes that are returned normally follow the codes documented in the IBM Reference Guide. There may be discrepancies where there is no code matching a specific CA ACF2 for VM function. This is especially true with the VERIFY and VERIFYX calls. The CA ACF2 for VM SAF interface sets RACF return and reason codes based on the message returned by the CA ACF2 for VM SVC when a failure occurs.
The following table shows how the internal CA ACF2 for VM logon validation (ACVALD) return code is translated into the RACF return and reason code. If no table entry is found, a value of 24(18)/00 (return and reason code) is used. The value in parenthesis is the equivalent hex value as shown in the IBM RACROUTE Guide.
|
CA ACF2 for VM |
RACF |
|
|
|---|---|---|---|
|
004 |
04(04) |
0 |
Logonid not found |
|
006 |
08(08) |
0 |
Password not allowed for logonid |
|
007 |
08(08) |
0 |
Password required for logonid |
|
008 |
48(30) |
0 |
Unauthorized input source for logonid |
|
010 |
28(1C) |
0 |
Logonid canceled |
|
011 |
28(1C) |
0 |
Logonid suspended |
|
012 |
08(08) |
0 |
Password not matched |
|
013 |
28(1C) |
0 |
Logonid suspended, password violations |
|
014 |
28(1C) |
0 |
Logonid expired |
|
015 |
08(08) |
0 |
Invalid password syntax |
|
017 |
12(0C) |
0 |
Password expired |
|
018 |
16(10) |
0 |
Invalid new password syntax |
|
019 |
16(10) |
0 |
Password less than minimum length |
|
020 |
16(10) |
0 |
New password less than minimum length |
|
021 |
12(0C) |
0 |
Password expired, cannot be altered |
|
023 |
16(10) |
0 |
New=old password and old one is expired |
|
025 |
28(1C) |
0 |
Logonid not active |
|
026 |
24(18) |
0 |
Access denied by EXPPXIT exit |
|
030 |
48(30) |
0 |
Logonid has STC attribute |
|
031 |
48(30) |
0 |
Logonid does not have STC attribute |
|
032 |
48(30) |
0 |
Logonid/Source combo not valid |
|
033 |
16(10) |
0 |
Invalid new password syntax for NJE |
|
034 |
16(10) |
0 |
New password less than minimum length NJE |
|
035 |
24(18) |
0 |
SEVPRE/SEVPOST exit failed request |
|
036 |
24(18) |
0 |
Invalid RC from SEVPRE/SEVPOSt exit |
|
037 |
16(10) |
0 |
New password denied by NEWPXIT exit |
|
039 |
48(30) |
0 |
Invalid grouping structure |
|
045 |
52(34) |
0 |
Not authorized for access to MUSASS |
|
060 |
48(30) |
4 |
Zone record not found |
|
061 |
48(30) |
4 |
Logonid time not within shift |
|
062 |
48(30) |
4 |
Error in shift processing routines |
|
063 |
48(30) |
4 |
Shift record not found |
|
097 |
04(04) |
0 |
No default logonid specified |
|
098 |
32(20) |
0 |
CA ACF2 for VM not initialized |
|
100 |
20(14) |
0 |
Not authorized for group |
|
115 |
16(10) |
0 |
New password cannot equal logonid |
|
116 |
16(10) |
0 |
New password cannot be all numeric |
|
117 |
16(10) |
0 |
New password has reserved word prefix |
|
118 |
16(10) |
0 |
New password matches a previous password |
|
128 |
16(10) |
0 |
Invalid syntax for new password |
|
130 |
16(10) |
0 |
New password less than minimum length |
|
131 |
16(10) |
0 |
New password equals old password |
|
132 |
16(10) |
0 |
New password not allowed |
|
136 |
16(10) |
0 |
Mindays violation |
|
200 |
08(08) |
0 |
Invalid password/authority |
|
255 |
16(10) |
0 |
Password rejected by NEWPXIT exit |
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|