The RACF password authentication exits

You can use the password authentication exits, ICHDEX01 and ICHDEX11, to control how RACF® either encodes or masks the RACF password or OIDCARD data that is stored in the RACF database. By default, RACF encoding uses a software implementation of the data encryption standard (DES) algorithm and RACF masking uses a masking routine. You can use the password authentication exits to replace the RACF DES encoding routine with your own routine.

Start of changeWhen the KDFAES algorithm is active, the password authentication exits have limited use. See Specifying the encryption method for user passwordsfor more details. End of change

Parent topic: Using RACF installation exits to customize RACF