Password synchronization

With RRSF, users with multiple user IDs can keep their passwords and password phrases synchronized across RACF® databases. Password synchronization (for passwords and password phrases) can be requested between user IDs when a peer user ID association is established with the RACLINK command and the PWSYNC option is specified.

The passwords and password phrases of the user IDs need not to be synchronized at the time the association is requested, nor are they synchronized when the association is established. They are synchronized when either of the associated user IDs initiates a password or password phrase change. The password and password phrase history lists are updated on all systems where the change occurs.

Password synchronization can occur for password and password phrase changes initiated by:

Logon processing
The PASSWORD (or PHRASE) command
The ALTUSER command
Application programs that use the ICHEINTY, RACROUTE REQUEST=VERIFY, or RACROUTE REQUEST=EXTRACT,TYPE=REPLACE macro to supply the user's new password or password phrase in clear text form.
Application programs that use the ICHEINTY, RACROUTE REQUEST=VERIFY, or RACROUTE REQUEST=EXTRACT,TYPE=REPLACE macro to change:
- Both the password and the last password change date information, or
- Both the password phrase and the last password phrase change date information.
Application programs that use the ICHEINTY or RACROUTE REQUEST=EXTRACT,TYPE=REPLACE macro to change the last password or password phrase change date information, not the password or password phrase itself.

Note: Password and password phrase changes initiated by the ADDUSER command do not result in password synchronization because the new user ID is not yet part of a user ID association.

The security administrator can enable or disable password synchronization for user IDs that have established a peer user ID association with password synchronization requested. See Controlling password synchronization for more information.