DB2 Connect now provides an ability to change user passwords. This facility is especially useful for situations where host security service such as Resource Access Control Facility (RACF) is used to authenticate users. Previously changing host password would require users to log in to a TSO session to change their password. With the new password maintenance support provided by the DB2 Connect products users can issue SQL CONNECT statement from DB2 Command Line Processor (CLP), use PASSWORD button on DB2 Client Configuration Assistant (CCA), or press CHANGE button on the ODBC login dialog to change their host password.
Changing MVS passwords from DB2 Connect workstations connected to DB2 for OS/390 V5.1 via TCP/IP requires that the DB2 OS/390 Extended Security Field be set to "Yes". This field appears in the DB2 OS/390 DSNTIPR panel.
Changing of MVS passwords on host systems connected via SNA requires that a special password expiration management program be set up on the host and that DB2 Connect workstation be configured to communicate with this host program.
The host password expiration management program is provided as part of the following MVS program products:
and has IBM Resource Access Control Facility (RACF) 1.9.2 installed.
You need to:
Once the host password expiration management transaction program is configured, you will need to configure your DB2 Connect workstation to communicate with the host program. This configuration involves two steps:
How you define symbolic destination name for the host password expiration management program depends on what SNA subsystem you are using:
When configuring symbolic destination name, you will also need to specify x'06F3F0F1' (hexadecimal number) for the Transaction Program (TP) name and set security to NONE. You can specify mode such as #INTER or any other mode that your MVS may suggest to you.
If you are running DB2 Connect on a platform that provides the CCA, then you should use it to update your DCS directory with the symbolic destination name for the host password expiration management program. You should be able to do this regardless of the SNA subsystem on your DB2 Connect workstation.
You can also use catalog dcs database command (from DB2 CLP) to record the symbolic destination name in the DCS directory. For example:
catalog dcs database db1 as dsn_db_1 parms ",,,,,,,CHGPWD_SDN=pempgm"
records pempgm as the symbolic destination name that is to be used when users request to change passwords for database db1.
For more detailed information on MVS passwords, consult one of the following online publications: