Hi Jan,
Probably this should be a support case, but IDMS when handling External security for RESTYPE=SGON does not know what the external security manager is so we cannot know what encryption it may use. We do use RACROUTE because TSS and ACF2 support it, but always send the password as entered by the user at the terminal.
What RACF does with the password to validate it is not something IDMS knows.
We don't see how this can affect IDMS using external security, but are curious about what changes you refer to that may need to be made in applications.
Brian