ACF2

 View Only
Back to discussions
Expand all | Collapse all

We have a user (another vendor) who has been using a non-expiring userid (which has the RESTRICT privilege) to create some scripts for us. Now when he incorporates that userid to logon to our CICS region, he gets prompted for a password, but if he enters

  • 1.  We have a user (another vendor) who has been using a non-expiring userid (which has the RESTRICT privilege) to create some scripts for us. Now when he incorporates that userid to logon to our CICS region, he gets prompted for a password, but if he enters

    Posted Apr 11, 2017 10:27 AM

    This is what the USERID looks like:

     

    HUBPERM EIC APHUBPERM PERM IVORY HUB ID 000000000
    COMPANY(EIC) DEPT( ) UNIT(AP)
    PRIVILEGES CICS RESTRICT TSO
    ACCESS ACC-CNT(0) ACC-DATE(00/00/00) ACC-TIME(00:00)
    PASSWORD KERB-VIO(0) KERBCURV() PSWD-DAT(00/00/00) PSWD-EXP
    PSWD-INV(0) PSWD-TOD(03/27/17-11:10) PSWD-VIO(0)
    PSWDCVIO(0) PWP-DATE(00/00/00) PWP-VIO(0)
    TSO DFT-PFX(HUBPERM)
    STATISTICS CRE-TOD(03/21/17-11:07) SEC-VIO(0)
    UPD-TOD(03/27/17-11:10)
    CICS CICSID(HUB)
    RESTRICTIONS PREFIX(HUBPERM)



  • 2.  Re: We have a user (another vendor) who has been using a non-expiring userid (which has the RESTRICT privilege) to create some scripts for us. Now when he incorporates that userid to logon to our CICS region, he gets prompted for a password, but if he ent

    Posted Apr 11, 2017 10:30 AM

    Looks like things got truncated...

     

    They get the ACF01006 message, PASSWORD NOT ALLOWED FOR LOGONID.

     

    What are we doing wrong?



  • 3.  Re: We have a user (another vendor) who has been using a non-expiring userid (which has the RESTRICT privilege) to create some scripts for us. Now when he incorporates that userid to logon to our CICS region, he gets prompted for a password, but if he ent
    Best Answer

    Broadcom Employee
    Posted Apr 11, 2017 10:34 AM

    A logonid with RESTRICT does not have a password.  ACF2 does not allow a RESTRICT logonid to logon to an interactive application like TSO and CICS.  RESTRICT logonids are meant for batch jobs.  You need to remove RESTRICT and make sure the logonid has a password.



  • 4.  Re: We have a user (another vendor) who has been using a non-expiring userid (which has the RESTRICT privilege) to create some scripts for us. Now when he incorporates that userid to logon to our CICS region, he gets prompted for a password, but if he ent

    Posted Apr 11, 2017 01:42 PM

    Thank you very much, Ken...Greatly appreciated. The ID has a password...just want to make sure it doesn't expire as they are building it into their scripts that they are developing for us.