Previous Topic: Running the Report Manually and Using ACFRPTSNext Topic: Running the Rule ID Modification Log (RL)

Running the Invalid Password/Authority Log (PW)Sample Report

Sample Report

CA ACF2 for z/VM SECURITY - ACFRPTPW - INVALID PASSWORD/AUTHORITY LOG-PAGE 1
DATE 06/09/98 (98.161) TIME 11.25 For TLC Group
 
    DATE     TIME  LID    JNAME  SUBMIT’R SOURCE  PROGRAM  RC   L  CPU
 
98.092 04/01 08.48 TLCDRV        REVERIFY                  29      4381
98.161 06/09 07.12 TLCGBL                 GRAF-4E1         12      4381
98.161 06/09 09.24 TLCST                  V06U8024         12      4381
97.216 08/03 11.39 RCSS1                  GRAF-4DF         80      4381

The first line of the report displays the report name and page number. The second line displays the date of the report (in Gregorian and Julian format), the time (in military clock format), and the subtitle of the report (if the user specified one).

Other fields of the report are:

DATE

The date (in Julian and Gregorian format) of the attempted system access. The Gregorian format is mm/dd or dd/mm, depending on VMO records.

TIME

The time the validation occurred.

LID

The logonid used for system access. For group machine logons, this is the group user. For autologs, this is the user ID of the machine that issued the AUTOLOG command. For DIAL, this is the logonid entered to identify the user. MASK selects on this field.

JNAME

The VM user ID for which access is attempted. For logon of group machines, this is the group ID. For AUTOLOG commands, this is the machine to be autologged. For DIAL commands, this is the machine specified by the DIAL command. JOBMASK selects on this field. If you process SMF records from a z/OS system under VM, it displays the name of the job stream running at the time of the change. For a TSO session, this field is usually the same as the user’s logonid.

SUBMIT’R

This field indicates the user ID that requested the system access or password reverification. This field displays REVERIFY (if the request originated with the user’s ID, for example, an ACF command password change) or if it is the user ID that is making this request (for example, DIRMAINT).

SOURCE

The logical input source where the system was accessed.

PROGRAM

VM uses this field to identify the type of system access that was attempted. This could be LOGON, AUTOLOG, or DIAL. If you process SMF records from a z/OS system under VM, it displays the name of the program that submitted the job using a restricted logonid. An asterisk (*) preceding the name indicates the program is APF‑authorized. The program name is the name of the load module that did the actual submission of the job. It may not be the same as the program specified in the EXEC statement.

RC

The reason code indicating why CA ACF2 for z/VM denied or logged the access.

An asterisk (*) positioned before the reason code indicates a reason code of another product; it is not a CA ACF2 for z/VM reason code. When an asterisk appears in this column, refer to the documentation for the issuing extended user authentication program specified in the AUTH column of this report.

Some common reason codes are:

4

Logonid lid not found.

5

Unauthorized system access ‑ contact your security administrator.

6

Password not allowed for this logonid.

8

Unauthorized input source for logonid.

9

Logonid not valid for submission by program.

10

Logonid canceled.

11

Logonid suspended.

12

Password not matched.

13

Logonid suspended because of password violations.

14

Logonid expired.

15

Invalid password syntax.

17

Password for logonid has expired.

18

The syntax for the new password is invalid and the old password expired.

19

Password less than minimum length.

20

New password is too short and old password expired.

21

Password expired and cannot be altered.

23

New password is the same as old password and old password expired.

26

User exit denied access.

29

Password reverification failed.

30

Logonid has the STC attribute‑logon denied.

32

Logon denied‑invalid source.

60

Zone record for logonid not found.

61

Shift record not found.

62

Irrecoverable error in shift processing routines.

63

Outside of shift controls.

73

User exit denied new password.

79

User exit denied new password.

80

Logon not allowed, logonid has AUTOONLY attribute.

81

Access denied. The user is not in the directory or is defined as a NOLOG user.

82

System entry denied due to a missing LIDVMACT logonid field

83

User entered an account number other than the one defined in his LIDVMACT

84

Logonid denied, user ID same as attach validation key.

110

Logon attempt by an invalid user ID.

111

Logon attempt by an invalid logonid.

112

Logon attempt to groupid by an invalid logonid. Job name (JNAME) in report is the group ID for the logon being attempted.

113

DIAL attempt by invalid logonid. Job name (JNAME) is the target user ID for the DIAL command.

120

Logonid attempt for invalid user ID from source.

121

User authentication exit (DMKAB1PX).

122

Logonid prevalidation exit (LGNIXIT).

123

Logon postvalidation exit (LGNPXIT).

126

The request caused a database I/O error.

135

Logshift allowed system access.

255

The site New Password Exit (NEWPXIT) issued this return code. The meaning depends on the exit code.

L

An asterisk indicates CA ACF2 for z/VM allowed but logged the access. A blank indicates CA ACF2 for z/VM denied the access.

CPU

The VM CPU ID of the CPU where validation occurred. CA ACF2 for z/VM only uses the first four characters of the eight‑character CPU ID name.

AUTH

This is a field that is used by z/OS only. It contains the user authentication device attribute name, if applicable. If a user authentication exit denied access, the reason code field is prefixed with an asterisk (*).