KERBVIO Keyword—Count Attempts to Use a Key

Keywords › KERBVIO Keyword—Count Attempts to Use a Key

KERBVIO Keyword—Count Attempts to Use a Key

Valid on z/OS.

Use the KERBVIO keyword to count unsuccessful attempts to use a Network Authentication Service key. This count is incremented when an incorrect password is entered in response to a kinit function. When KERBVIO contains a value, which exceeds the CA Top Secret PTHRESH, the associated acid is suspended, and the value of KERBVIO is reset to zero. Manipulation of this field should be handled entirely by requests to the Kerberos server. In cases where corruption has made internal processing impossible to reset, the field can be removed from the associated acid and the system will automatically re-initialize it to zero on the next kinit function.

Important! Do not ADD or REPLACE the value of KERBVIO. This has unpredictable effects.

This keyword has the following format:

TSS REMOVE(acid) KERBVIO

acid: Specifies the accessor ID of the user whose KERBVIO value is being reset.

This keyword is used with:

The REMOVE command
The ACID types User, DCA, VCA, ZCA, LSCA, and SCA
ACID(MAINTAIN) authority
Administrators who do not have ACID(MAINTAIN) authority can remove the KERBVIO field for users within their scope if given UPDATE access to entity TSSCMD.USER.REMOVE.KERBVIO in the CASECAUT resource class

Example: KERBVIO keyword

This example resets the value of KERBVIO to zero on the acid KRBPEON:

TSS REMOVE(KRBPEON) KERBVIO