
Support for Password Phrase Interception (RACF, CA-ACF2 and CA-Top Secret)

This fix enables interception of password phrase changes for RACF, CA-ACF2 and CA-Top Secret.

 

RACF

The new ICHPWX11 password phrase exit intercepts password phrase (passphrase) changes when:

  • processing ADDUSER, ALTUSER, PASSWORD or PHRASE commands
  • changing passphrase during LOGON processing

The ICHPWX11 exit sends the new passphrase to the Online Interceptor once it intercepts the phrase change.

 

The ICHPWX11 password phrase exit can be installed using either of the following methods:

  • Method 1: Dynamic installation
  • Method 2: Static installation

 

Dynamic installation

This procedure is used when the Online Interceptor loads the password phrase exit from the RACF Connector LOAD library.

Perform the following:

  1. Set the value of the following RSSPARM parameter to Y:
    ONLI_DYNAM_PWX11
  2. Start the Online Interceptor STC:
    S CTSAONI

 

Static installation

This procedure is used when the password phrase exit is loaded by RACF from LPALIB as the ICHPWX11 module.

Perform the following:

  1. Set the value of the following RSSPARM parameter to N:
    ONLI_DYNAM_PWX11
  2. Compile the ICHPWX11 password phrase exit by submitting the ASMPW11A job in the Connector INSTALL library.
    All job steps must end with a condition code of 0.
  3. Edit the CPYPW11A member in the Connector INSTALL library.
    This job copies CTSPW11A to your system LPA library as ICHPWX11.
  4. Review and submit the jobs.
    All job steps must end with a condition code of 0.
  5. Stop all Connector processes.
  6. Ask the operator to perform an IPL.
  7. After the IPL, restart the following:
    CTSGATE
    CTSAONI

 

CA-ACF2

The new ACNPWPXT password phrase exit intercepts password phrase (passphrase) changes when:

  • processing INSERT/CHANGE commands
  • changing passphrase during LOGON processing

The ACNPWPXT exit sends the new passphrase to the Online Interceptor once it intercepts the phrase change.

The ACNPWPXT password phrase exit can be installed using either of the following methods:

  • Method 1: Dynamic installation
  • Method 2: Static installation

 

Dynamic installation

This procedure is used when the Online Interceptor loads the password phrase exit from the CA-ACF2 Connector LOAD library.

Perform the following:

  1. Set the value of the following RSSPARM parameter to Y:
    ONLI_DYNAM_NPH
  2. Start the Online Interceptor STC:
    S CTSAONI

 

Static installation

This procedure is used when the password phrase exit is loaded by CA-ACF2 from LPALIB as the ACNPWPXT module.

Perform the following:

  1. Set the value of the following RSSPARM parameter to N:
    ONLI_DYNAM_NPH
  2. Compile the ACNPWPXT password phrase exit by submitting the ASMNPHA job in the Connector INSTALL library.
    All job steps must end with a condition code of 0.
  3. Edit the CPYNPHA member in the Connector INSTALL library.
    This job copies ACF2NPH to your system LPA library as ACNPWPXT.
  4. Review and submit the jobs.
    All job steps must end with a condition code of 0.
  5. Stop all Connector processes.
  6. Use the following operator command to activate the exit:
    SETPROG LPA
    Or
    Perform an IPL with the CLPA option.

 

CA-Top Secret

Among various changes in the CA-Top Secret database, the TSSINSTX Top Secret exit intercepts password phrase changes when:

  • processing REPLACE, ADDTO and CREATE Top Secret commands
  • changing passphrase during LOGON processing

The TSSINSTX exit sends the new passphrase to the Online Interceptor once it intercepts the change.

For more information on installing the password phrase exit for CA-Top Secret, refer to the SailPoint Connector for CA-Top Secret Administration Guide.

Comments

Hi!

 

We applied FSD0052 and the hold action states that we should "FOLLOW THE INSTRUCTIONS IN THE PTF'S DESCRIPTION REGARDING MEMBERS THAT NEED TO BE RECOMPILED."

We found this topic and the first thing we noticed is that ONLI_DYNAM_PWX11 is not in the new RSSPARM member.

Should we add it "manually" to RSSPARM, in case we want to start Online Interceptor and we want to exploit this feature?

Is this behaviour normal?

 

Best regards!

Version history
Revision #: 3 of 3
Last update: Nov 20, 2023 02:50 PM