If a password check or change operation is successful, the Platform Services process for z/OS updates the contents of the native security system database to reflect the validated or new password. This allows the user to log on using the last password that worked on an z/OS system if the driver, eDirectory™, or the network is not available.
The z/OS Platform Receiver updates passwords in the security system database when password synchronization information is received from a Core Driver for password change events in eDirectory. To configure Core Drivers to send password synchronization information to the z/OS platform, use the Web interface to set Permit Password Replication to Yes or If Available for the Platform object. For details about using the Web interface, see Section II, Core Driver Administration.
Both the Authentication Services Include/Exclude list and the Identity Provisioning Include/Exclude list affect aspects of password replication on z/OS. Consider the need for symmetry between the two Include/Exclude lists if you use password replication.