The ICHPWX11 exit is invoked in the following ways:
- Through RACROUTE REQUEST=VERIFY processing
If a new
password phrase is to be processed, REQUEST=VERIFY performs the following
functions after invoking ICHRIX01 (if ICHRIX01 is present):
- Validates the new password phrase for compliance with RACF's password
phrase rules
- Verifies that the new password phrase differs from the current
password phrase
- If the SETROPTS PASSWORD(HISTORY) option is active, verifies that
the new password phrase differs from the previous password phrases
If the password phrase passes these checks, REQUEST=VERIFY invokes
ICHPWX11.
- Through the ADDUSER command
After parsing the command
and checking the user's authorization, if the PHRASE keyword is specified
ADDUSER validates the new password phrase for compliance with RACF's
password phrase rules and invokes ICHPWX11.
- Through the ALTUSER command
After parsing the command
and checking the user's authorization, if the PHRASE keyword is specified
ALTUSER validates the new password phrase for compliance with RACF's
password phrase rules and invokes ICHPWX11.
- Through the PASSWORD or PHRASE command
If the PHRASE
keyword is specified, the command performs the following functions:
- Validates the new password phrase for compliance with RACF's password
phrase rules
- Verifies that the new password phrase differs from the current
password phrase
- If the SETROPTS PASSWORD(HISTORY) option is active, verifies that
the new password phrase differs from the previous password phrases
If the password phrase passes these checks, the command invokes
ICHPWX11.
z/OS Security Server RACF System Programmer's Guide
Copyright IBM Corporation 1990, 2014