IBM Support

DFHXS1202 password expired when using passticket to sign-on to CPSM WUI

Question & Answer


Question

Why do I receive message DFHXS1202 reporting my password is expired when I sign-on to a CICSPlex SM (CPSM) WUI using a passticket? I am able to sign-on directly to a CICS Transaction Server for z/OS (CICS TS) region using a passticket with no problem. My security manager is CA ACF2 from CA Technologies.

My real password is expired but I am not using my real password. I am using a passticket that is valid and not expired. If I update my real password, I no longer get message DFHXS1202.

This is the message I receive:
DFHXS1202 The password supplied in the verification request for userid userid has expired. This occurred in transaction tranid when userid userid was signed on at netname netname.

Answer

This happens when a CA external security manager (ESM) validates more than it should through its IRRSPW00 (R_Password) support. IRRSPW00 does not support passtickets, so an IRRSPW00 call that is given a passticket is expected to fail. If the IRRSPW00 call failed as expected, CICS would then issue a full VERIFYX call to do the validation, which would return OK.

When the CA ESM instead returns OK on the IRRSPW00 call, CICS does its own expiry checking, which catches the expired real password. That explains the "expired" response in the DFHXS1202 message. This symptom implies that CA ACF2 maintenance TR99035 is missing. The fix prevents PassTickets from being used by an AAM or MFA user on R_Password calls. It also corrects a problem where too much storage is getmained up front for R_Password calls. Ensure this fix is applied.
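The sign-on sequence described in this answer, as a simplified Python model added here for illustration (it is not CICS, CPSM or CA ACF2 code). The function names, the `SIGNED_ON` and `REJECTED` outcome strings, and the credential values are assumptions made for the model.

```python
from dataclasses import dataclass

@dataclass
class Account:
    real_password: str
    real_password_expired: bool
    passticket: str  # constructed stand-in for a currently valid passticket

def r_password(acct, credential, esm_has_fix):
    """IRRSPW00 (R_Password) step of the model: True means the ESM returned OK."""
    if credential == acct.real_password:
        return True
    if credential == acct.passticket:
        # R_Password does not support passtickets, so this call should fail.
        # Without the fix the ESM validates the passticket and returns OK.
        return not esm_has_fix
    return False

def verifyx(acct, credential):
    """Full VERIFYX step of the model: a valid passticket is accepted here."""
    return credential == acct.passticket

def sign_on(acct, credential, esm_has_fix):
    """Outcome of the sequence: R_Password first, VERIFYX only if it fails."""
    if r_password(acct, credential, esm_has_fix):
        # ESM returned OK, so CICS applies its own expiry check,
        # which looks at the real password even if a passticket was sent.
        return "DFHXS1202" if acct.real_password_expired else "SIGNED_ON"
    # R_Password failed as expected: fall back to the full VERIFYX call.
    return "SIGNED_ON" if verifyx(acct, credential) else "REJECTED"

def scenarios():
    """Run the cases from the question and answer with constructed accounts."""
    expired = Account("constructed-pw", True, "constructed-ticket")
    current = Account("constructed-pw", False, "constructed-ticket")
    return {
        "fix missing, real password expired": sign_on(expired, expired.passticket, False),
        "fix missing, real password updated": sign_on(current, current.passticket, False),
        "fix applied, real password expired": sign_on(expired, expired.passticket, True),
        "fix applied, wrong credential": sign_on(expired, "constructed-bad", True),
    }

if __name__ == "__main__":
    for case, outcome in scenarios().items():
        print(f"{case}: {outcome}")
```

The first two cases reproduce the symptom in the question: the passticket is valid in both, and only the state of the real password changes the result.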


Product Synonym

CICS/TS CICSTS CICS TS CICS Transaction Server

Document Information

Modified date: 21 November 2017

UID: dwa1413343