You can specify logon attempt limits. If the limit specified on the CA VM:Secure JOURNAL record is greater than the value specified by the JOURNALING statement in CP SYSTEM CONFIG, logon attempts are terminated by CP first. However, the CA VM:Secure JOURNAL count is cumulative and continues to monitor further invalid logon attempts. To prevent confusion about different journal counts, use the following journaling statement:
Journaling, /* Set Up Journaling Facility */ Facility on, /* Turn On Journaling */ Set_and_Query on, /* Allow Set & Query Journaling Cmds */ Logon, /* Set Up Logon Journaling Values */ Message after 0 attempts to operator, Account after 0 attempts, VM_logo after 0 attempts, Lockout after 255 attempts for 10 minutes,
Note: For more information about the JOURNALING statement, see the appropriate IBM planning and administration documentation.
Example
The following record appears in the SECURITY CONFIG file:
JOURNAL 3 6
If JACK enters three consecutive invalid logon passwords, a message is sent to the system operator. If JACK continues to guess at the logon password, he will not be able to log on after six invalid logon passwords.
|
Copyright © 2014 CA.
All rights reserved.
|
|