Support for Password Phrase Interception (RACF, CA-ACF2 and CA-Top Secret)
This fix enables interception of password phrase changes for RACF, CA-ACF2 and CA-Top Secret.
- RACF
  - Dynamic installation
  - Static installation
- CA-ACF2
  - Dynamic installation
  - Static installation
- CA-Top Secret
RACF
The new ICHPWX11 password phrase exit intercepts password phrase (passphrase) changes when:
- processing ADDUSER, ALTUSER, PASSWORD or PHRASE commands
- changing passphrase during LOGON processing
The ICHPWX11 exit sends the new passphrase to the Online Interceptor once it intercepts the change in phrase.
The ICHPWX11 password phrase exit can be applied/installed using either of the following methods:
- Method 1: Dynamic installation
- Method 2: Static installation
Dynamic installation
This procedure is used when the Online Interceptor loads the password phrase exit from the RACF Connector LOAD library.
Perform the following:
- Set the value of the following RSSPARM parameter to Y:
  ONLI_DYNAM_PWX11
- Start the Online Interceptor STC:
  S CTSAONI
Static installation
This procedure is used when the password phrase exit is loaded by RACF from LPALIB as the ICHPWX11 module.
Perform the following:
- Set the value of the following RSSPARM parameter to N:
  ONLI_DYNAM_PWX11
- Compile the ICHPWX11 password phrase exit by submitting the ASMPW11A job in the Connector INSTALL library.
  All job steps must end with a condition code of 0.
- Edit the CPYPW11A member in the Connector INSTALL library.
  This job copies CTSPW11A to your system LPA library as ICHPWX11.
- Review the jobs and submit the jobs.
  All job steps must end with a condition code of 0.
- Stop all Connector processes.
- Ask the operator to perform IPL.
- After IPL operation, restart the following:
  CTSGATE
  CTSAONI
CA-ACF2
The new ACNPWPXT password phrase exit intercepts password phrase (passphrase) changes when:
- processing INSERT/CHANGE commands
- changing passphrase during LOGON processing
The ACNPWPXT exit sends the new passphrase to the Online Interceptor once it intercepts the change in phrase.
The ACNPWPXT password phrase exit can be applied/installed using either of the following methods:
- Method 1: Dynamic installation
- Method 2: Static installation
Dynamic installation
This procedure is used when the Online Interceptor loads the password phrase exit from the CA-ACF2 Connector LOAD library.
Perform the following:
- Set the value of the following RSSPARM parameter to Y:
  ONLI_DYNAM_NPH
- Start the Online Interceptor STC:
  S CTSAONI
Static installation
This procedure is used when the password phrase exit is loaded by CA-ACF2 from LPALIB as the ACNPWPXT module.
Perform the following:
- Set the value of the following RSSPARM parameter to N:
  ONLI_DYNAM_NPH
- Compile the ACNPWPXT password phrase exit by submitting the ASMNPHA job in the Connector INSTALL library.
  All job steps must end with a condition code of 0.
- Edit the CPYNPHA member in the Connector INSTALL library.
  The job copies ACF2NPH to your system LPA library as ACNPWPXT.
- Review the jobs and submit the jobs.
  All job steps must end with a condition code of 0.
- Stop all Connector processes.
- Use the following operator command to activate the exit:
  SETPROG LPA
  Or perform IPL with CLPA option.
CA-Top Secret
Among the various changes in the CA-Top Secret database, the TSSINSTX Top Secret exit intercepts password phrase changes when:
- processing REPLACE, ADDTO and CREATE Top-Secret commands
- changing passphrase during LOGON processing
The TSSINSTX exit sends the new passphrase to the Online Interceptor once it intercepts the change.
For more information on applying/installing the password phrase exit for CA-Top Secret, refer to the SailPoint Connector for CA-Top Secret Administration Guide.
Hi!
We applied FSD0052 and the hold action states that we should "FOLLOW THE INSTRUCTIONS IN THE PTF'S DESCRIPTION REGARDING MEMBERS THAT NEED TO BE RECOMPILED."
We found this topic and the first thing we noticed is that ONLI_DYNAM_PWX11 is not in the new RSSPARM member.
Should we add it "manually" to RSSPARM, in case we want to start Online Interceptor and we want to exploit this feature?
Is this behaviour normal?
Best regards!