Password synchronization, automatic direction of commands, and
automatic password direction can be active at the same time. These
functions interact as follows:
- When a password or password phrase change is made at logon:
  - Password synchronization sends the change to users with approved
    PEER PWSYNC associations, if the user changing the password or password
    phrase is authorized to the appropriate password synchronization resource.
  - If automatic password direction is enabled on the system, and
    the user who changed the password or password phrase is authorized
    to one or more profiles, the change is automatically directed to the
    same user IDs on the nodes defined by the RRSFDATA profiles that protect
    automatic password direction.
- A password or password phrase changed by the PASSWORD command
is not directed by automatic password direction. It is directed
by automatic direction of commands based on RRSFDATA profile setup.
Also, if the user is authorized to the appropriate password synchronization
resource, password and password phrase changes are sent to users with
approved PEER PWSYNC associations with the user whose password or
password phrase was changed.
- Password synchronization and automatic password direction do not handle
updates initiated by the ADDUSER command. Users who participate in
password synchronization must be initially defined to RACF® before automatic direction can occur. The
ADDUSER command can be directed by automatic direction of commands
based on RRSFDATA profile setup.
- The ALTUSER and PASSWORD commands must be automatically directed
to maintain the synchronization of user passwords and password phrases
for the same user IDs across RRSF nodes. The RRSFDATA profiles for
automatic direction of commands that protect AUTODIRECT.node.USER.ALTUSER
and AUTODIRECT.node.USER.PASSWORD control this automatic direction.
The RRSFDATA profiles that protect automatic password direction are not
checked for the automatic direction of the ALTUSER and PASSWORD commands.
- A password or password phrase change by other methods, such as
at logon or by an installation-written application, is not directed
by automatic direction of commands. These changes are sent to users
with the same name if automatic password direction is in effect. Also,
if the user is authorized to the appropriate profile in the RRSFDATA
class, the changes are sent to users with approved PEER PWSYNC associations
with the user whose password or password phrase was changed.
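
The routing rules above can be modeled to check which expected targets a given kind of password change fails to reach. This is an added example, not IBM code: the class, the function names, the node names and the user IDs are constructed, and it assumes discrete (non-generic) RRSFDATA profile names and a user changing their own password.

```python
from dataclasses import dataclass, field

@dataclass
class UserSetup:
    """Constructed model of one user's RRSF setup as seen from the local node."""
    userid: str
    pwsync_authorized: bool = False   # authorized to the password synchronization resource
    peer_pwsync: set = field(default_factory=set)    # approved PEER PWSYNC associations: (node, userid)
    auto_pw_enabled: bool = False     # automatic password direction enabled on the system
    auto_pw_nodes: set = field(default_factory=set)  # nodes from the profiles protecting it
    profiles: set = field(default_factory=set)       # discrete RRSFDATA profiles the user is authorized to

def command_nodes(setup, command):
    """Nodes named in AUTODIRECT.node.USER.<command> profiles the user is authorized to."""
    nodes = set()
    for name in setup.profiles:
        parts = name.split(".")
        if len(parts) == 4 and parts[0] == "AUTODIRECT" and parts[2:] == ["USER", command]:
            nodes.add(parts[1])
    return nodes

def propagate(setup, method):
    """Targets per mechanism when the user changes their own password.
    method is 'LOGON', 'APPLICATION' or 'PASSWORD' (the command)."""
    if method not in ("LOGON", "APPLICATION", "PASSWORD"):
        raise ValueError(f"unsupported change method: {method}")
    out = {"password_sync": set(), "auto_password_direction": set(), "command_direction": set()}
    if setup.pwsync_authorized:
        out["password_sync"] = set(setup.peer_pwsync)
    if method == "PASSWORD":
        # The profiles protecting automatic password direction are not checked here.
        out["command_direction"] = {(n, setup.userid) for n in command_nodes(setup, "PASSWORD")}
    elif setup.auto_pw_enabled:
        out["auto_password_direction"] = {(n, setup.userid) for n in setup.auto_pw_nodes}
    return out

def unsynced(setup, method, expected):
    """Expected (node, userid) targets that no mechanism reaches for this change."""
    return set(expected) - set().union(*propagate(setup, method).values())

# Constructed sample: node names and user IDs are made up.
SAMPLE = UserSetup("ALICE", pwsync_authorized=True, peer_pwsync={("NODEB", "ALICE2")},
                   auto_pw_enabled=True, auto_pw_nodes={"NODEB", "NODEC"},
                   profiles={"AUTODIRECT.NODEB.USER.PASSWORD"})
EXPECTED = {("NODEB", "ALICE"), ("NODEC", "ALICE"), ("NODEB", "ALICE2")}

if __name__ == "__main__":
    for m in ("LOGON", "PASSWORD"):
        print(m, "misses", sorted(unsynced(SAMPLE, m, EXPECTED)))
```

In the sample, a change at logon reaches every expected target, while the same change made with the PASSWORD command leaves ALICE on NODEC out of sync because no AUTODIRECT.NODEC.USER.PASSWORD authorization exists.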