Use the TERMPASS user exit to determine what action is taken when the maximum number of invalid passwords is issued from the same terminal as a user enters the LOGON, DIAL, or CP LOGON BY commands, or uses the LOGONBY Facility.
This exit is called only if the Rules Facility is implemented.
TERMPASS userid termaddr [logonid|userid2] pswd date time termtype
userid
Specifies the user ID being logged on.
termaddr
Specifies the terminal address from which access was attempted using the LOGONBY Facility, or the LOGON, LOGON BY, or DIAL commands. Exempt switched terminals from action taken in this user exit, because their addresses are not significant.
Note: For more information, see Terminal Addresses.
Possible forms of termaddr are:
| termaddr | Meaning |
|---|---|
| nnnn | Address of a real terminal device, represented by four hexadecimal digits. (Example: 0024) |
| Lnnnn | Address of a logical device, represented by an L and four hexadecimal digits. (Example: L0123) |
| nnn.nnn.nnn.nnn | Address of a TN3270 connected terminal, represented by an eight‑character hexadecimal representation of the standard dotted IPv4 address form. (Example: 0A005933 represents the dotted IP address 10.0.89.51) |
| nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn | Address of an IPv6 TN3270 connected terminal, represented by a standard IPv6 address. |
| nnnnnnnn | Address of an SNA or VTAM logical unit name. (Example: WEST0016) |
logonid
Specifies the temporary ID assigned to a VMDBK at logon or dial time.
userid2
Specifies the user ID that attempted to log on to userid using LOGONBY.
pswd
Specifies the invalid password supplied at the last logon, logonby, or dial attempt.
If you are configured for password phrases, then the pswd will be a quoted string if it contains imbedded blanks.
The sample user exit provided illustrates the techniques needed for parsing quoted string arguments.
date
Specifies the date in mm/dd/yy format when the number of invalid passwords from the same device reaches the maximum defined on the JOURNAL record in the SECURITY CONFIG file.
time
Specifies the time in hh:mm:ss format when the number of invalid passwords from the same device reaches the maximum defined on the JOURNAL record in the SECURITY CONFIG file.
termtype
Specifies the type of terminal from which access was attempted under the LOGONBY Facility, or the LOGON, LOGON BY, or DIAL commands.
| termtype | Means the address passed to the user exit is |
|---|---|
| REAL | A real terminal device |
| LDEV | A logical device |
| IPADDR | A TCP/IP‑created logical device |
| NETID | The address of an SNA or VTAM logical unit name |
The following table describes the return codes:

| Return | Meaning |
|---|---|
| 0 | JOURNAL record count for termaddr is reset to zero. Future logon attempts are allowed. |
| 4 | Invalid password journal count is maintained. Further attempts to access this userid from this specific terminal are disallowed. |
| 8 | JOURNAL record count for userid is reset to zero and a rule is added to the OVERRIDE SYSRULES file; the rule prevents further logon attempts from device termaddr (see the following table). |

| For this | This rule is added (If the terminal is a logical device, the rule specifies the LDEV option) |
|---|---|
| DIAL | REJECT termaddr DIAL |
| LOGON | REJECT termaddr LOGON |
| LOGONBY | REJECT termaddr LOGON |
CA VM:Secure calls the TERMPASS user exit when the number of invalid logon password attempts from the same device reaches the maximum, defined on the JOURNAL record in the SECURITY CONFIG file.
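The operand layout and return codes above can be exercised off-platform with a small model. The following Python is an added example, not the sample user exit shipped with the product: the quote characters accepted around a password phrase, the `EXEMPT` list, and the policy in `return_code` are assumptions made for illustration.

```python
import ipaddress
import re
from typing import NamedTuple, Optional

class TermpassArgs(NamedTuple):
    userid: str
    termaddr: str
    other_id: Optional[str]  # logonid or userid2, when present
    pswd: str                # the invalid password: keep it out of logs
    date: str
    time: str
    termtype: str

def parse_termpass(argstring: str) -> TermpassArgs:
    """Split the TERMPASS operands; pswd may be a quoted phrase with blanks."""
    head = argstring.split(None, 2)
    # date, time and termtype are always the last three blank-delimited words
    tail = head[2].rsplit(None, 3) if len(head) == 3 else []
    if len(tail) != 4:
        raise ValueError("too few operands")
    middle, date, time, termtype = tail
    # middle is "[logonid|userid2] pswd"; assumption: phrases are wrapped in ' or "
    m = re.fullmatch(r"""(?:([^'"\s]\S*)\s+)?(['"])(.*)\2""", middle)
    if m:
        other_id, pswd = m.group(1), m.group(3)
    else:
        words = middle.split()
        if len(words) > 2:
            raise ValueError("unquoted pswd contains blanks")
        other_id, pswd = (words[0] if len(words) == 2 else None), words[-1]
    if termtype not in ("REAL", "LDEV", "IPADDR", "NETID"):
        raise ValueError("unknown termtype " + termtype)
    return TermpassArgs(head[0], head[1], other_id, pswd, date, time, termtype)

def display_addr(a: TermpassArgs) -> str:
    """termaddr for an audit record; TN3270 IPv4 arrives as 8 hex digits."""
    if a.termtype == "IPADDR" and re.fullmatch(r"[0-9A-Fa-f]{8}", a.termaddr):
        return str(ipaddress.IPv4Address(int(a.termaddr, 16)))
    return a.termaddr

EXEMPT = {"0024"}  # constructed list of switched terminals (addresses not significant)

def return_code(a: TermpassArgs) -> int:
    """Constructed site policy mapped onto the documented return codes."""
    if a.termaddr in EXEMPT:
        return 0   # reset the count for termaddr, allow future attempts
    if a.termtype == "IPADDR":
        return 8   # reset the count and add a REJECT rule for termaddr
    return 4       # keep the count; further attempts from this terminal are disallowed
```

Parsing from the right keeps the optional third operand and a blank-containing password phrase from being confused with each other; the `pswd` value is parsed only so the remaining operands line up and should not be written to any audit record.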
Copyright © 2014 CA. All rights reserved.