When you share the RACF® database
and assign password phrases, it is important that each system sharing
the RACF database runs a level
of RACF that supports password
phrases.
If you share the RACF database
with a downlevel system that does not support password phrases,
the following restrictions apply.
Restrictions:
- If you issue the LISTUSER command or execute the database unload
(IRRDBU00) utility from a downlevel system, neither indicates the
presence of a password phrase assigned from an uplevel system.
- If you issue the ALTUSER command from a downlevel system to change
the password of a user who is assigned a password phrase, the PASSPHRASE
attribute is removed from the user's profile.
The user can
still use the password phrase on an uplevel system, but if you issue
the LISTUSER command or execute the database unload (IRRDBU00) utility
from an uplevel system, neither indicates the presence of a password
phrase for this user. An authorized user can restore the PASSPHRASE
attribute only by issuing the ALTUSER command from the uplevel system
to assign another password phrase to the user.
- Users who are assigned a password phrase cannot issue the
PASSWORD command from a downlevel system to change their own passwords.
When issued, the PASSWORD command fails with the following message:
ICH08008I userid NOT DEFINED TO USE A PASSWORD
Users
can still use their passwords on both uplevel and downlevel systems,
and use their password phrases on uplevel systems. The passwords of
users with a password phrase can be successfully changed on uplevel
systems, or in the following ways on downlevel systems:- Users change their own passwords at logon time, depending on the
application.
- An authorized user can change the passwords by issuing the ALTUSER
command from the uplevel system.