Our requirement is to enable PWPHRASE, where PWPHRASE should be enabled for 90% of the users, these users should be able to login using password phrase only. The remaining 10% of the IDs are legacy IDs that require password signon only. What is the best approach and ACF2 settings required to accomplish this requirement.
GSO PWPHRASE ALLOW
GSO TSO PWPHRASE
For IDs that should authenticate using password phrase only, enable PWPONLY as logon ID attribute.
For IDs that should authenticate using password only, enable PWPORPWD.
We will enable NOCMD-CHG, to ensure end users are not allowed to set password phrase using ACF2 CHANGE command. This is to ensure that IDs that should authenticate using password only are not able to set password phrase. For IDs that should authenticate using password phrase only, a password phrase will be set by IAM team.
Will the above mentioned steps accomplish the requirement?