Change the password or password phrase recorded by an external security manager (ESM) for a specified user ID.
CHANGE PHRASE >>-CHANGE PHRASE(data-area)--PHRASELEN(data-value)--------------> >--NEWPHRASE(data-area)--NEWPHRASELEN(data-value)---------------> >--USERID(data-value)--+----------------------+-----------------> '-ESMREASON(data-area)-' >--+--------------------+-------------------------------------->< '-ESMRESP(data-area)-'
Conditions: INVREQ, LENGERR, NOTAUTH, USERIDERR
This command is threadsafe.
A user ID can have both a password and a password phrase. If PHRASELEN is between 1 and 8 characters, the phrase is treated as a password. If the length is between 9 and 100 characters, it is treated as a password phrase. You cannot use a 1- to 8-character password to change a password phrase. Similarly, you cannot use a 9- to 100-character password phrase to change a 1- to 8-character password.
Unlike the SIGNON command, CHANGE PHRASE does not depend upon the principal facility, therefore it can be issued in non-terminal environments such as Web applications and APPC sessions.
Attention: To ensure that passwords are not revealed in system or transaction dumps, clear the password or password phrase fields on the EXEC CICS commands that have a password or password phrase option as soon as possible after use.
Options ESMRESP and ESMREASON return the response and reason codes, if any, from the external security manager.
If the ESM is RACF®, this field is the RACF reason code.
If the ESM is RACF, this field is the RACF return code.
If the ESM does not allow mixed case passwords, the 1- to 8-character password is converted to uppercase.
If the ESM does not allow mixed case passwords, the 1- to 8-character password is converted to uppercase.
The user ID supplied is converted to uppercase.
Default action: terminate the task abnormally.
Default action: terminate the task abnormally.
Default action: terminate the task abnormally.