When the Rules Facility is installed, an installation can use the PASSCHNG user exit along with DIAGNOSE X’A0’ subcode X’60’, to keep passwords synchronized between the VM system (where CA VM:Secure is running) and other computer systems, such as—session managers, VM systems, MVS systems, and LAN systems.
When a user ID or system administrator on z/VM changes a password, the PASSCHNG user exit is called. You can use the PASSCHNG user exit to notify another server on the same VM system that a password has changed. On this server, you can also write your code or use another vendor’s product, to propagate the user ID and its new password to other systems.
When a user ID password is changed on another system, the user ID and its new password can be passed to a VM server that can use DIAGNOSE X’A0’ subcode X’60’ to change the password on VM, or use the MAINT MANAGE userid USER PASSWORD command to update the password if the Rules Facility is not active.
The DIAGNOSE X’A0’ subcode X’60’ specifies the password status when it is changed. The diagnose can then call the PASSCHNG user exit to allow other vendor products to be notified of password changes, thus enabling the password change to be propagated to other systems throughout the enterprise. The PASSCHNG user exit stores the password status on the *FL= (password flag) special comment in the user’s directory entry.
For example, you can write code on a session manager to interface with CA VM:Secure to keep passwords synchronized:
Note: For more information about the PASSCHNG user exit, see the user exit reference in the Reference Guide.
|
Copyright © 2014 CA.
All rights reserved.
|
|