Your installation might wish to use the DES algorithm without using the two-step method of checking. For example, if your installation has never used the masking algorithm, or if all of your users' passwords have been RACF® DES-encoded, you do not need the two-step method.

There is an extremely remote possibility that DES-encrypting a user ID with the real password could give the same result as masking the user ID with a different password, allowing a password that is not valid to be accepted. As long as your installation uses the two-step method of checking, your installation might have an exposure. You can minimize this possibility by using the DES algorithm without the two-step method of checking if you do not need to check for masked passwords.

To use the DES algorithm without the two-step method of checking, write an ICHDEX01 exit (in the link pack area) that sets the return code to 8. See Password authentication exits.