APPC password expiration management
APPC password expiration management (PEM) with CICS® provides receive support for an APPC architected sign-on transaction.
Stabilization notice: Support for APPC PEM is stabilized. The PEM
server does not support password phrases. To support authentication with password phrases when using
CICS Transaction Gateway, you must migrate from APPC to IP interconnectivity (IPIC) and change your
application code to use a current External Security Interface (ESI) API such as
CICS_VerifyPassword and CICS_ChangePassword as described in
the CICS Transaction Gateway for Multiplatforms product
documentation.
Note: In the information about APPC PEM, sign-on is used in the sense defined in the
APPC architecture, which is different from the meaning used elsewhere in CICS documentation.
What APPC PEM does
APPC PEM with CICS provides receive support for an APPC
architected sign-on transaction that verifies user ID, password pairs, and processes requests for a
password change by:
- Identifying a user and authenticating that user's identification
- Notifying specific users during the authentication process that their passwords have expired
- Letting users change their passwords when (or before) the passwords expire
- Telling users how long their current passwords will remain valid
- Providing information about unauthorized attempts to access the system using a particular user identifier
Benefits of APPC PEM
APPC PEM has the following benefits:
- It enables users to update passwords on APPC links.
This can be particularly useful in the case of expired passwords. On APPC links that do not support APPC PEM, when users' passwords expire on remote systems, they are unable to update them from their own systems. The only alternative on a non-APPC PEM system is to log on directly to the remote system using a non-APPC link, such as an LU2 3270-emulation session, to update the password.
- It provides APPC users with additional information regarding their sign-on status; for example, the date and time at which they last signed on.
- It informs users whether their userid is revoked, or the password has expired, when they provide the correct password or PassTicket.
Sample program
You might find it useful to copy and modify an example program. For your guidance, a sample program is shipped in library CICSTS56.CICS.SDFHSAMP. The program is DFH$SNPW, the PEM sample program for Windows NT.