Specific Control Options › PTHRESH—Password Violation Threshold

PTHRESH—Password Violation Threshold

Valid on z/OS and z/VM.

Use the PTHRESH control option to specify the maximum password violation threshold. If the user exceeds the specified threshold by entering the wrong password too many times, CA Top Secret suspends the ACID.

Note the following rules:

• Password thresholding only pertains to incorrect passwords. It does not pertain to missing passwords, or new‑password specification violations. Password specification and reverification both are counted.
• Each user ACID has an associated invalid password counter.
• CA Top Secret counts invalid password attempts from the last valid signon.

All entry methods are accepted.

This control option has the following format:

PTHRESH(0|nnn)

0

Deactivates password thresholding.

nnn

Specifies the number of incorrect passwords a user can enter before being suspended.

Range: 1 to 254

Default: 4

Example: PTHRESH control option

In this example, if a user enters an invalid password twice in succession, but successfully signs on with their third attempt, CA Top Secret resets the counter to 0. However, if the user enters an invalid password for the third straight time, CA Top Secret suspends this user after his third violation:

F TSS,PTHRESH(2)