Influencing REVOKE/CANCEL/SUSPEND Status and Rejecting Inbound Password Phrase Resets - Exit PSNCUX04
The password phrase for a userid can be reset without changing the current active status of the userid. By default, Mainframe Connector ships installation exit PSNCUX04 that leaves the current REVOKE/CANCEL/SUSPEND status of a userid unchanged.
If this default action is not appropriate, the site can provide a customized PSNCUX04 exit. PSNCUX04 is invoked twice for incoming transparent synchronization requests. The pre call occurs just prior to the password phrase reset function in Mainframe Connector . The post call occurs following the password phrase reset function invocation.
PSNCUX04 can also be used to reject an incoming password phrase reset or resetexpire request. This can be useful for sites that want to be able to use their z/OS system as the final arbiter of a proposed new password phrase value.
A sample PSNCUX04 exit is provided in member UX04SAMP of the Mainframe Connector installation library.
Following are the characteristics of the PSNCUX04 user exit:
Its name must be PSNCUX04 and it must reside in either the STEPLIB used for the Mainframe Connector started task or the system linklist
It should run AMODE(31) RMODE(24)
The exit is entered problem state key 8 and should return in this same state otherwise results are unpredictable
The exit must be reentrant
On entry to the exit, R1 points to the following parameter list:
UX04STAT DS XL1 EXIT INVOCATION STATE (PRE OR POST) UX04PRE EQU X'80' PRE INVOCATION UX04POST EQU X'40' POST INVOCATION UX04RSRV DS XL3 RESERVED UX04RSRC DS F RESET RETURN CODE (USED FOR POST CALL) UX04UID DS CL8 USERID FOR WHICH PWD PHRASE IS BEING RESET UX04USER DS F A WORD FOR THE USER UX04NPHR DS CL100 REQUESTED NEW PASSWORD PHRASE VALUE UX04MSGB DS F ADDRESS OF 128-BYTE RETURN MESSAGE BUFFER THAT * CAN BE USED TO APPEND TO THE DEFAULT MESSAGE * THAT IS RETURNED TO THE PWD MANAGER SERVER WHEN * A M/F CONNECTOR RESET EVENT IS REJECTED BY * THE M/F CONNECTOR PSNCUX04 EXIT. THE FORMAT OF * THIS MESSAGE AREA IS AS FOLLOWS: * +0 - TWO BYTE LENGTH OF MESSAGE BEING * RETURNED (MAX OF 126) * +2 - 126-BYTE MESSAGE BUFFER
Member PUX04PRM in the INSTLIB dataset contains the DSECT mapping macro for the above parameter list.
For the pre exit call, R15 on return contains a return code that will be interpreted as follows:
R15=0 the current REVOKE/CANCEL/SUSPEND status for the userid will not be changed but the password phrase will be reset to the new value. R15=4 the current REVOKE/CANCEL/SUSPEND status for the userid will be reset and the password phrase will be reset to the new value. R15=8 the reset or resetexpire request should be terminated. The password phrase value will not be reset to the requested new value.For the post exit call, UX04RSRC contains a return code value from the password phrase revoke/reset request. If UX04RSRC=0 , the requested password phrase reset and revoke update have been successful. Any other value in UX04RSRC indicates that the requested operation did not complete successfully.
UX04USER is a word of storage that can be used by the exit routine to maintain state information across the pre and post exit call.
UX04NPHR is the requested new password phrase value for the reset or resetexpire request.
TopSecret ASUSPEND
If Mainframe Connector will be running in a TopSecret environment and you do not want a password phrase reset event to reset the ASUSPEND attribute, see TopSecret and REMOVE ASUSPEND to alter this default function.
ACF2 CANCEL
If Mainframe Connector will be running in an ACF2 environment and you do not want a password phrase reset event to reset the CANCEL flag, see ACF2 and Removing the CANCEL Flag to alter this default function.