DFHCE3500 when using password with embedded equal sign

Question & Answer

Question

I am having a problem with our CICS Transaction Server for z/OS (CICS TS) initial dialog if there is an equal sign '=' included within the password. I am using the keyword form of signon as follows:

CESN USERID=uuuuuuuu,PS=ppppppp

When the password field contains an embedded equal sign '=', the CESN transaction fails with the following message:

DFHCE3500 Unable to interpret keyword data. Sign-on is terminated.

RACF documentation indicates the '=' is allowed within passwords. Other applications allow the password to contain an embedded '=' as well. Why does CICS return message DFHCE3500 when an equal sign is in the password?

Answer

The CESN transaction makes use of the equal sign (=) as a delimiter to indicate a field value follows. As a solution, make use of the CESL transaction and enclose the password with single quotes. For example:

CESL USERID=userid,PS='ABCD=FGH'

This will allow the '=' to be passed on to the external security manager (ESM) and processed correctly. Note, if using a script or program to issue the keyword form of sign-on with CESL, there is no harm to always enclose the password in quotes which makes the script or program change very easy.

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Platform":[{"code":"PF035","label":"z\/OS"}],"Component":"Security","Version":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]

Product Synonym

CICS/TS CICSTS CICS TS CICS Transaction Server

Was this topic helpful?

Document Information

Modified date:
06 August 2018

UID

dwa1462414

Tips