Previous Topic: Shutdown EventNext Topic: Trace Message On a User


Password Verification Event

Password verification event type messages indicate that a user failed to change his account's password.

Audit records in this event have the following format:

Date Time Status Event UserName Details Reason AuditFlags
Date

Identifies the date the event occurred.

Format: DD MMM YYYY

Note: CA ControlMinder Endpoint Management formats the date display according to your computer's settings.

Time

Identifies the time the event occurred.

Format: HH:MM:SS

Note: CA ControlMinder Endpoint Management formats the time display according to your computer's settings.

Status

Indicates the return code for the event.

Value: F (Failed)—Failed to change the account password.

Event Type

Identifies the type of event this record belongs to.

Note: CA ControlMinder Endpoint Management refers to this field simply as Event.

User Name

Identifies the name of the user to which the password attempt was applied.

Details

Indicates why the password change attempt failed.

Note: The audit record you see in a non-detailed seaudit output displays a number in this field. This number is known as the password quality code. In a detailed output or in CA ControlMinder Endpoint Management, the audit record displays the message associated with the password quality code. For a complete list of password quality codes, run seaudit -t.

Reason

Indicates the reason that CA ControlMinder wrote an audit record.

Note: This field does not display in a detailed seaudit output or in CA ControlMinder Endpoint Management. The audit record you see in a non-detailed seaudit output displays a number in this field. This number is known as the reason code. For a complete list of reason codes, run seaudit -t.

Audit Flags

Indicates whether the accessor is internal (CA ControlMinder database user) or an enterprise user.

Note: If the accessor is an enterprise user, the audit record you see in a non-detailed seaudit output displays the string "(OS user)" in this field. Otherwise, this field remains empty.

Example: Password Verification Event Message

The following audit record was taken from a detailed seaudit output.

02 Dec 2008 10:23:47 F PASSWORD     test1         1 10                 
Event type: Password verification
Status: Failed
User name: test1
Details: Password too short
Audit flags: AC database user

This audit record indicates that on December 2nd 2008, the user attempting to change his account password was denied because the password did not meet the minimum required number of characters, as defined by the password policy (authorization stage code 1—Password too short). CA ControlMinder logged this event message according to an explicit request (reason code 10—An explicit request to log the operation was received).

More information:

Reason Codes That Specify Why a Record Was Created

Authorization Stage Codes for Password Verification Events