If a user has been given a passphrase for logon, I would like the ability to no longer allow that user to log in with a password. Currently there is no way to do this other than to administratively randomize the user's password. But that is not an elegant solution and still leaves open the possibility of logon with the 8 character password if that password has been exposed via brute force methods.
RACF already allows for selective restricting of password checking in favor of passphrase. (See this document: IBM RACF: The Password Phrase Only ICHRIX02 Exit). I would like Top Secret to have identical functionality.