Influencing REVOKE/CANCEL/SUSPEND Status and Rejecting Inbound Password Resets - Exit PSNCUX01
The password for a userid can be transparently reset without changing the current active status of the userid. By default, Mainframe Connector ships installation exit PSNCUX01 that leaves the current REVOKE/CANCEL/SUSPEND status of a userid unchanged.
If this default action is not appropriate, the site can provide a customized PSNCUX01 exit. PSNCUX01 is invoked twice for incoming transparent synchronization requests. The pre call occurs just prior to the password reset function in Mainframe Connector . The post call occurs following the password reset function invocation.
PSNCUX01 can also be used to reject an incoming password reset or resetexpire request. This can be useful for sites that want to be able to use their z/OS system as the final arbiter of a proposed new password value.
A sample PSNCUX01 exit is provided in member UX01SAMP of the Mainframe Connector installation library.
Following are the characteristics of the PSNCUX01 user exit:
Its name must be PSNCUX01 and it must reside in either the STEPLIB used for the Mainframe Connector started task or the system linklist
It should run AMODE(31) RMODE(24)
The exit is entered problem state key 8 and should return in this same state otherwise results are unpredictable
The exit must be reentrant
On entry to the exit, R1 points to the following parameter list:
UX01STAT DS XL1 EXIT INVOCATION STATE (PRE OR POST) UX01PRE EQU X'80' PRE INVOCATION UX01POST EQU X'40' POST INVOCATION UX01RSRV DS XL3 RESERVED UX01RSRC DS F RESET RETURN CODE (USED FOR POST CALL) UX01UID DS CL8 USERID FOR WHICH PASSWORD IS BEING RESET UX01USER DS F A WORD FOR THE USER UX01NPWD DS CL8 REQUESTED NEW PASSWORD VALUE UX01MSGB DS F ADDRESS OF 128-BYTE RETURN MESSAGE BUFFER THAT * CAN BE USED TO APPEND TO THE DEFAULT MESSAGE * THAT IS RETURNED TO THE PWD MANAGER SERVER WHEN * A M/F CONNECTOR RESET EVENT IS REJECTED BY * THE M/F CONNECTOR PSNCUX01 EXIT. THE FORMAT OF * THIS MESSAGE AREA IS AS FOLLOWS: * +0 - TWO BYTE LENGTH OF MESSAGE BEING * RETURNED (MAX OF 126) * +2 - 126-BYTE MESSAGE BUFFER
Member PUX01PRM in the INSTLIB dataset contains the DSECT mapping macro for the above parameter list.
for the pre exit call, R15 on return contains a return code that will be interpreted as follows:
R15=0 the current REVOKE/CANCEL/SUSPEND status for the userid will not be changed but the password will be reset to the new value. R15=4 the current REVOKE/CANCEL/SUSPEND status for the userid will be reset and the password will be reset to the new value. R15=8 the reset or resetexpire request should be terminated. The password value will not be reset to the requested new value.for the post exit call, UX01RSRC contains a return code value from the password revoke/reset request. If UX01RSRC=0 , the requested password reset and revoke update have been successful. Any other value in UX01RSRC indicates that the requested operation did not complete successfully.
UX01USER is a word of storage that can be used by the exit routine to maintain state information across the pre and post exit call.
UX01NPWD is the requested new password value for the reset or resetexpire request.
TopSecret ASUSPEND
If Mainframe Connector will be running in a TopSecret environment and you do not want a password reset event to reset the ASUSPEND attribute, see TopSecret and REMOVE ASUSPEND to alter this default function.
ACF2 CANCEL
If Mainframe Connector will be running in an ACF2 environment and you do not want a password reset event to reset the CANCEL flag, see ACF2 and Removing the CANCEL Flag to alter this default function.