CHANGE PASSWORD

Change the password recorded by an external security manager (ESM) for a specified user ID.

CHANGE PASSWORD

Read syntax diagramSkip visual syntax diagramCHANGE PASSWORD( data-value)NEWPASSWORD( data-value)USERID( data-value)ESMREASON( data-area)ESMRESP( data-area)

Conditions: INVREQ, NOTAUTH, USERIDERR

This command is threadsafe.

Description

Unlike the SIGNON command, CHANGE PASSWORD does not depend upon the principal facility; therefore, it can be issued in non-terminal environments such as Web applications and APPC sessions.

Attention: You should clear the password fields on the EXEC CICS commands that have a password option as soon as possible after use. This is to ensure that passwords are not revealed in system or transaction dumps.

Options

Options ESMRESP and ESMREASON return the response and reason codes, if any, from the ESM.

ESMREASON(data-area)
Returns the reason code, in a fullword binary field, that CICS® receives from the ESM.

If the ESM is RACF®, this field is the RACF reason code.

ESMRESP(data-area)
Returns the response code, in a fullword binary field, that CICS receives from the ESM.

If the ESM is RACF, this field is the RACF return code.

NEWPASSWORD(data-value)
Specifies the new 8-character password for the specified user ID. The password is changed only if the current password is correctly specified.

If the ESM does not allow mixed case passwords, the password is converted to uppercase.

PASSWORD(data-value)
Specifies the current 8-character password for the specified user ID.

If the ESM does not allow mixed case passwords, the password is converted to uppercase.

USERID(data-value)
Specifies the 8-character user ID of the user whose password is being changed.

The user ID supplied is converted to uppercase.

Conditions

16 INVREQ
RESP2 values:
13
There is an unknown return code in ESMRESP from the ESM.
18
The CICS ESM interface is not initialized.
29
The ESM is not responding.

Default action: terminate the task abnormally.

70 NOTAUTH
RESP2 values:
1
The PASSWORD field, the NEWPASSWORD field, or both are blank.
2
The supplied password is wrong. If the ESM is RACF, the revoke count maintained by RACF is incremented.
4
The new password is not acceptable.
17
The USERID is not authorized to use the application.
19
The USERID is revoked.
22
The change password request failed during SECLABEL processing.
31
The user is revoked in the connection to the default group.

Default action: terminate the task abnormally.

69 USERIDERR
RESP2 values:
8
The USERID is not known to the ESM.

Default action: terminate the task abnormally.