Previous Topic: NEWUSER User ExitNext Topic: PASSWORD User Exit

Reference GuideUser Exit ReferencePASSCHNG User Exit

PASSCHNG User Exit

Use the PASSCHNG user exit to provide information that can be used to notify other computer systems or operating systems that a logon password has been changed.

PASSCHNG userid target {oldpw | *} newpw status caller

Definitions

userid

The user ID that requested the password change.

target

The user ID whose password has been changed.

oldpw

The previous password, if available.

An "*" is specified if the password is not available or if the Password Encryption Facility is in use.

If you are configured for password phrases, then the oldpw will be a quoted string, if it contains embedded blanks.

The sample user exit provided illustrates the techniques needed for parsing quoted string arguments.

newpw

The new password, in plain text, for target.

If you are configured for password phrases, then the newpw will be a quoted string, if it contains embedded blanks.

The sample user exit provided illustrates the techniques needed for parsing quoted string arguments.

status

The new password status value on the *FL= special comment in the target user directory entry.

The values can be *, E, R, or N:

Value

Password Status

*

Active (Used when the Rules Facility is not active)

E

Expired

R

Reset (using the PASSWORD command)

N

New
caller

The name of the macro or command that called the PASSCHNG user exit.

If the PASSCHNG user exit is called by DIAGNOSE X‘A0’ subfunction X’0214’, or, DIAGNOSE X’A0’ subfunction X’60’, the value is "DIAGA0".

Description

The PASSCHNG user exit is called by certain commands and menu selections after a logon password has been changed. It provides a list of parameters that can be used to allow notification of the change.

Virtual machines on z/VM can use the CA VM:Secure PASSCHNG user exit with the CA VM:Secure‑implemented DIAGNOSE X‘A0’ subfunction X’0214’ or DIAGNOSE X’A0’ subfunction X’60’ to keep passwords synchronized between the z/VM system where CA VM:Secure is running, and other computer systems such as session managers, z/VM systems, MVS systems, and LAN systems.

Note: For more information about synchronizing passwords, see the Rules Facility Guide.

Return Codes

The following table describes the return codes:

Return Code

Meaning

0

Completed

Macros

The following macros call the PASSCHNG user exit:

Called by

Optimized Macro Name

Under These Circumstances

VMXPSW00

PASSWORD

A logon password is changed using the PASSWORD command

VMXUSE80

USE00080

A logon password is changed using the USER command

VMXMAI00

MAINT

A logon password is changed using the MAINT command with the PASSWORD parameter

VMXFPC00

FORCEPWC

A logon password is changed at logon time by the Rules Facility

VMXIPL00

IPLEDPGM

A logon password is changed at logon time by the IPL program (VMXIPL). Used when users are forced to change their password using the EXPIRE command and not running the Rules Facility.