Greetings,
We are planning to migrate to the KDFAES encryption algorithm for the RACF database and would like to know if you have followed a similar process. Please review the steps below and confirm if our assumptions are correct regarding the migration to KDFAES standards, or if we are missing any steps: - Request all teams to initiate the SMPE Fix Category using the following, and apply it to their respective products such as DB2, IMS, and CICS: IBM.Function.RACF.PasswordEncryption - Request application programmers to verify their application programs for any RACROUTE statements using TYPE=ENCRYPT or TYPE=EXTRACT. - Review RACF exits, especially ICHDEX01. - Enable the CPACF HMC feature. - Make a copy of your current RACF database. - Activate this copy on a test system. - On the test system, activate KDFAES with the command: SETR PASSWORD(ALGORITHM(KDFAES)) - If we experience issues, deactivate it using: SETR PASSWORD(NOALGORITHM) Concern: We would like to better understand the impact of the following IBM recommendation and explore ways to minimize disruption: “Perform a bulk password change, notifying users of their pending new password.”Additionally, please ensure the following actions are taken: - Activate KDFAES on the test system. - Remove ICHDEX01 if it is currently installed in your system. Looking forward to your feedback and confirmation. Thank You in advance,Best regards,Jasi Grewal. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
