Hi We have implemented it for a while now. Activated KDFAES with SETR command and password expiration did the rest.
Regards Jack On Fri, Apr 25, 2025, 20:12 Jasi Grewal < [email protected]> wrote: > Greetings, > > > We are planning to migrate to the KDFAES encryption algorithm for the RACF > database and would like to know if you have followed a similar process. > Please review the steps below and confirm if our assumptions are correct > regarding the migration to KDFAES standards, or if we are missing any steps: > > - > Request all teams to initiate the SMPE Fix Category using the following, > and apply it to their respective products such as DB2, IMS, and CICS: > IBM.Function.RACF.PasswordEncryption > > - > Request application programmers to verify their application programs for > any RACROUTE statements using TYPE=ENCRYPT or TYPE=EXTRACT. > > - > Review RACF exits, especially ICHDEX01. > > - > Enable the CPACF HMC feature. > > - > Make a copy of your current RACF database. > > - > Activate this copy on a test system. > > - > On the test system, activate KDFAES with the command: > SETR PASSWORD(ALGORITHM(KDFAES)) > > - > If we experience issues, deactivate it using: > SETR PASSWORD(NOALGORITHM) > > > Concern: > We would like to better understand the impact of the following IBM > recommendation and explore ways to minimize disruption: > > “Perform a bulk password change, notifying users of their pending new > password.”Additionally, please ensure the following actions are taken: > > > - > Activate KDFAES on the test system. > > - > Remove ICHDEX01 if it is currently installed in your system. > > > Looking forward to your feedback and confirmation. > Thank You in advance,Best regards,Jasi Grewal. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
