A fix is available
APAR status
Closed as program error.
Error description
An MFA user wants to signon and also change their password. They do so using the following command; EXEC CICS SIGNON(userid) PHRASE(racfpwd:token) NEWPHRASE(newracfpwd) This returns INVREQ,RESP2=2 (A password cannot be used to change a password phrase or a password phrase cannot be used to change a password.) If the user wanted to change their password phrase then this would work successfully.
Local fix
usermode
Problem summary
**************************************************************** * USERS AFFECTED: All CICS users. * **************************************************************** * PROBLEM DESCRIPTION: MFA user is unable to change their * * password using EXEC CICS SIGNON or EXEC * * CICS CHANGE PHRASE commands. * **************************************************************** An MFA user with a password attempts to use EXEC CICS SIGNON PHRASE(pwd:token) NEWPHRASE(newpwd) to signon and change their password. Due to the need to supply the MFA token the PHRASELEN is greater than 8 but the NEWPHRASELEN is less than or equal to 8. CICS detects the apparent mismatch of a password being used to change a phrase and returns INVREQ with RESP2=2 without even calling the ESM. The same is true if EXEC CICS CHANGE PHRASE is used instead. If the MFA user wants to change their password phrase then the commands would work correctly and the phrase would be changed.
Problem conclusion
CICS has been changed to no longer perform a pre-check for a mismatch between passwords and phrases. The ESM will now be called in that scenario. If the call to the ESM to change the password fails (8/10/0) then CICS will check for the mismatch and return INVREQ with RESP2=2 as before. In the case of a signon, message DFHSN1108 will now be issued when the signon fails due to this mismatch.
Temporary fix
Comments
APAR Information
APAR number
PH14095
Reported component name
CICS TS Z/OS V5
Reported component ID
5655Y0400
Reported release
100
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2019-07-08
Closed date
2019-07-24
Last modified date
2019-08-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI64392 UI64393 UI64394 UI64395
Modules/Macros
DFHSNPU DFHSNTU DFHSNUS DFHUSAD DFHUSADT DFHXSPW DFHXSSB DFHXSSBT
Fix information
Fixed component name
CICS TS Z/OS V5
Fixed component ID
5655Y0400
Applicable component levels
R000 PSY UI64394
UP19/07/25 P F907
R100 PSY UI64395
UP19/07/25 P F907
R200 PSY UI64392
UP19/07/26 P F907
R900 PSY UI64393
UP19/07/27 P F907
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.4","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.4","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
01 August 2019