Hi Andy, (cross-posted to IBM-MAIN and RACF-L) I would strongly advise against implementing ICHDEX01 and retaining the masked passwords. If at some point you want to implement KDFAES encryption, which I recommend be your goal, having masked passwords will prevent you from doing so. You'll have to convert them to DES before you can go to KDFAES. Rather than implementing ICHDEX01, I suggest you convert the masked passwords to DES now and be done with it. You can do so either by resetting the passwords as you have done in a few cases or converting the existing masked passwords to DES using PWDCOPY.
Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.twitter.com/RSH_RACF www.rshconsulting.com --------------------------------------------------------------------------- Upcoming RSH RACF Training - WebEx - RACF Audit & Compliance Roadmap - OCT 19-23, 2020 - RACF Level I Administration - DEC 7-11, 2020 - RACF Level II Administration - NOV 16-20, 2020 - RACF Level III Admin, Audit, & Compliance - NOV 2-6, 2020 - RACF - Securing z/OS UNIX - SEPT 28 - OCT 2, 2020 --------------------------------------------------------------------------- -----Original Message----- Date: Mon, 10 Aug 2020 15:08:18 +0000 From: "Pesce, Andy" <andy.pe...@autozone.com> Subject: RACF and ICHDEX01 Exit Good morning everyone ! I am going to post this over in the RACF Listserv as well. So, I am trying to go to z/OS 2.2 and I found this APAR OA49109. I have a ton of accounts that were created many years ago that are not able to login to z/OS 2.2. Of course once I go and change the password on the account it works fine. These accounts have not had their passwords changed since the late 90's. Anyone have a sample "ICHDEX01" or can point me to a sample of that exit. I want to be able to allow these old passwords that are still using the old encryption. Thanks in advance. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
