CHANGE PASSWORD
Change the password that is recorded by RACF® for a specified user ID.
Description
Unlike the SIGNON command, CHANGE PASSWORD does not depend upon the principal facility; therefore, it can be issued in non-terminal environments such as Web applications and APPC sessions.
When this command is issued by a transaction running under CEDF, the password or password phrase (and new password or password phrase, where applicable) is blanked out.
Options
Options ESMRESP and ESMREASON return the response and reason codes, if any, from the ESM.
- CHANGETIME(data-area)
-
Returns the date and time the password was last changed, in ABSTIME units.
When the external security manager is RACF, the time is shown as midnight.
- DAYSLEFT(data-area)
-
Returns the number of days from now until the password expires, in a halfword binary field.
If a user has a password that does not expire, -1 is returned.
- ESMREASON(data-area)
- Returns the reason code, in a fullword binary field, that CICS® receives from the ESM.
If the ESM is RACF, this field is the RACF reason code.
- ESMRESP(data-area)
- Returns the response code, in a fullword binary field, that CICS receives from the ESM.
If the ESM is RACF, this field is the RACF return code.
- EXPIRYTIME(data-area)
-
Returns the date and time the password will expire, in ABSTIME units.
When the external security manager is RACF, the time is shown as midnight.
If a user has a password that does not expire, -1 is returned.
- INVALIDCOUNT(data-area)
-
Returns the number of times, in a halfword binary field, that an invalid password was entered for this user.
- LASTUSETIME(data-area)
- Returns the data and time this user ID was last accessed, in ABSTIME units.
- NEWPASSWORD(data-value)
- Specifies the new 8-character password for the specified user ID. The password is changed only
if the current password is correctly specified.
If the ESM does not allow mixed case passwords, the password is converted to uppercase.
- PASSWORD(data-value)
- Specifies the current 8-character password for the specified user ID.
If the ESM does not allow mixed case passwords, the password is converted to uppercase.
- USERID(data-value)
- Specifies the 8-character user ID of the user whose password is being changed.
The user ID supplied is converted to uppercase.
Conditions
- 16 INVREQ
- RESP2 values:
- 13
- The value that is returned by RACF in ESMRESP is not classified by CICS. See the ESM documentation for an explanation of the ESMRESP and ESMREASON values.
- 18
- The CICS ESM interface is not initialized.
- 29
- The ESM is not responding.
- 32
- The user ID field contains a blank character in an invalid position.
Default action: terminate the task abnormally.
- 70 NOTAUTH
- RESP2 values:
- 1
- The PASSWORD field, the NEWPASSWORD field, or both are blank.
- 2
- The supplied password is wrong. If the ESM is RACF, the revoke count maintained by RACF is incremented.
- 4
- The new password is not acceptable.
- 17
- The USERID is not authorized to use the application.
- 19
- The USERID is revoked.
- 22
- The change password request failed during SECLABEL processing.
- 31
- The user is revoked in the connection to the default group.
Default action: terminate the task abnormally.
- 69 USERIDERR
- RESP2 values:
- 8
- The USERID is not known to the ESM.
Default action: terminate the task abnormally.