CHANGE PHRASE
Change the password or password phrase that is recorded by RACF for a specified user ID.
Description
A user ID can have both a password and a password phrase. If PHRASELEN is between 1 and 8 characters, the phrase is treated as a password. If the length is between 9 and 100 characters, it is treated as a password phrase. You cannot use a 1- to 8-character password to change a password phrase. Similarly, you cannot use a 9- to 100-character password phrase to change a 1- to 8-character password.
Unlike the SIGNON command, CHANGE PHRASE does not depend upon the principal facility; therefore, it can be issued in non-terminal environments such as Web applications and APPC sessions.
Options
Options ESMRESP and ESMREASON return the response and reason codes, if any, from the ESM.
- CHANGETIME(data-area)
-
Returns the date and time the password or password phrase was last changed, in ABSTIME units.
When the external security manager is RACF®, the time is shown as midnight.
- DAYSLEFT(data-area)
-
Returns the number of days from now until the password or password phrase expires, in a halfword binary field.
If a user has a password or password phrase that does not expire, -1 is returned.
- ESMREASON(data-area)
- Returns the reason code, in a fullword binary field, that CICS® receives from the ESM.
If the ESM is RACF, this field is the RACF reason code.
- ESMRESP(data-area)
- Returns the response code, in a fullword binary field, that CICS receives from the ESM.
If the ESM is RACF, this field is the RACF return code.
- EXPIRYTIME(data-area)
-
Returns the date and time the password will expire, in ABSTIME units.
When the external security manager is RACF, the time is shown as midnight.
If a user has a password or password phrase that does not expire, -1 is returned.
- INVALIDCOUNT(data-area)
- Returns the number of times, in a halfword binary field, that an invalid password or password phrase was entered for this user.
- LASTUSETIME(data-area)
- Returns the data and time this user ID was last accessed, in ABSTIME units.
- NEWPHRASE(data-area)
- Specifies an optional 1- to 8-character new password or a 9- to 100-character new password
phrase required by the ESM. The password is changed only if the current password is correctly
specified. The password phrase is changed only if the current password phrase is correctly
specified.
If the ESM does not allow mixed case passwords, the 1- to 8-character password is converted to uppercase.
- NEWPHRASELEN(data-area)
- Specifies the length, as a fullword binary value, of the new password or password phrase.
- PHRASE(data-area)
- Specifies the current password or password phrase of the specified user ID.
If the ESM does not allow mixed case passwords, the 1- to 8-character password is converted to uppercase.
- PHRASELEN(data-area)
- Specifies the length, as a fullword binary value, of the current password or password phrase.
- USERID(data-value)
- Specifies the user ID of the user whose password or password phrase is being changed.
The user ID supplied is converted to uppercase.
Conditions
- 16 INVREQ
- RESP2 values:
- 2
- You cannot use a password to change a password phrase or a password phrase to change a password.
- 13
- The value that is returned by RACF in ESMRESP is not classified by CICS. See the ESM documentation for an explanation of the ESMRESP and ESMREASON values.
- 18
- The CICS ESM interface is not initialized.
- 29
- The ESM is not responding.
- 32
- The user ID field contains a blank character in an invalid position.
Default action: terminate the task abnormally.
- 22 LENGERR
- RESP2 values:
- 1
- PHRASELEN is out-of-range.
- 2
- NEWPHRASELEN is out-of-range.
- 70 NOTAUTH
- RESP2 values:
- 1
- The PHRASE field, the NEWPHRASE field, or both are blank.
- 2
- The supplied password or password phrase is wrong. If the ESM is RACF, the revoke count that is maintained by RACF is incremented.
- 4
- The new password or password phrase is not acceptable.
- 17
- The USERID is not authorized to use the application.
- 19
- The user ID is revoked.
- 20
- The connection to the user's default group has been revoked.
- 22
- The change password request failed during SECLABEL processing.
- 31
- The user is revoked in the connection to the default group.
Default action: terminate the task abnormally.
- 69 USERIDERR
- RESP2 values:
- 8
- The USERID is not known to the ESM.
Default action: terminate the task abnormally.