Change the password recorded by an external security manager (ESM) for
a specified userid.

CHANGE PASSWORD
>>-CHANGE PASSWORD(data-value)--NEWPASSWORD(data-value)--------->
>--USERID(data-value)--+----------------------+----------------->
'-ESMREASON(data-area)-'
>--+--------------------+--------------------------------------><
'-ESMRESP(data-area)-'
Conditions: INVREQ, NOTAUTH, USERIDERR
Description
Unlike the SIGNON command, CHANGE PASSWORD does not depend upon the principal
facility, so it can be issued when the facility is an APPC session.
Attention: You should clear the password fields
on the EXEC
CICS® commands that have a password option as soon as possible after use.
This is to ensure that passwords are not revealed in system or transaction
dumps.
Options
Options ESMRESP and ESMREASON return the response and reason codes, if
any, from the external security manager.
- ESMREASON(data-area)
- returns the reason code, in a fullword binary field, that CICS receives from
the external security manager.
If the ESM is RACF®, this field is the RACF reason code.
- ESMRESP(data-area)
- returns the response code, in a fullword binary field, that CICS receives
from the external security manager.
If the ESM is RACF, this field
is the
RACF return code.
- NEWPASSWORD(data-value)
- specifies the new password, 8 characters, for the specified userid.
The password is changed only if the current password is correctly specified.
- PASSWORD(data-value)
- specifies the current password, 8 characters, for the specified userid.
- USERID(data-value)
- specifies the userid, 8 characters, of the user whose password is being
changed.
Conditions
- INVREQ
- RESP2 values:
- 13
- There is an unknown return code in ESMRESP from the external security
manager.
- 18
- The CICS external security manager interface is not initialized.
- 29
- The external security manager is not responding.
Default action: terminate the task abnormally.
- NOTAUTH
- RESP2 values:
- 2
- The supplied password is wrong. If the external security manager is RACF
, the revoke count maintained by RACF is incremented.
- 4
- The new password is not acceptable.
- 19
- The USERID is revoked.
- 22
- The change password request failed during SECLABEL processing.
- 31
- The user is revoked in the connection to the default group.
Default action: terminate the task abnormally.
- USERIDERR
- RESP2 values:
- 8
- The USERID is not known to the external security manager.
Default action: terminate the task abnormally.