For ACF2, there is a setting which controls the maximum number of invalid password attempts in a single day. There are two counters maintained: - PSWD-INV, the maximum number of invalid attempts since the last successful logon; that counter is reset after a successful sign on - PSWD-VIO, the number of invalid attempts on PSWD-DAT, which is the date of the last invalid password attempt; that counter is not reset if the invalid attempt is on the same day
Once PSWD-VIO exceeds the threshold, the client is no longer allowed to sign on. Bill On Mar 21, 1:34 am, "Paul Phillips" <[EMAIL PROTECTED]> wrote: > This is a question for anyone familiar with CA-ACF2 under z/OS. > > Consider the following scenario in a z/OS and RACF environment: a user > attempts to logon to an application, but supplies the wrong password. As > long as the user enters the correct password before reaching the invalid > password limit in RACF, the user is allowed to sign on. If the limit is > exceeded, the userid is revoked and the user cannot sign on, even if the > correct password is given. > > As soon as the user signs on with the correct password, the invalid password > attempt count is reset, so the user could go through the same procedure > again. > > I have heard a suggestion that CA-ACF2 goes one step further, maintaining a > second count of the total number of invalid password attempts by this user, > regardless of any successful password attempts. > > Can anyone confirm or deny this suggestion? > > Paul Phillips ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
