Configuration File Reference › JOURNAL Record (CA VM:Secure only) › Definitions

Definitions

warning

Specifies the number of consecutive invalid password attempts recorded for a user ID or device address after which a warning message appears on the system operator’s console. The minimum is 0, the maximum is 99999999.

maximum

Specifies the number of consecutive invalid password attempts recorded for a user ID or device address after which a restrictive action is taken. The minimum is 0, the maximum is 99999999. This option is valid only if the Rules Facility is implemented.

After this maximum is reached, the attempting user ID or the device address from which the invalid attempts were made can no longer do any of the following:

• Use CA VM:Secure commands if the password violations were in response to the logon password validation prompt for a CA VM:Secure command.
• Define a directory link for any minidisks belonging to the user ID whose link passwords were violated.
• Use the CP AUTOLOG, DIAL, LINK, LOGON, LOGON BY, XAUTOLOG commands, LOGONBY Facility requests, or attempts at password checking using Diagnose X’A0’ subcode 4 depending on which monitored condition went over the maximum:
  • When the maximum number of invalid autolog or xautolog attempts is reached, CA VM:Secure adds the applicable rule to the rules file for the user ID being autologged or xautologged:

       REJECT userid AUTOLOG (NOTIFY
       REJECT userid XAUTOLOG (NOTIFY
    

    These rules prevent the requesting user ID from further AUTOLOG and XAUTOLOG attempts on the target user ID. The addition of these rules is not subject to the TERMPASS or the USERPASS user exits.

  • When the maximum number of invalid link attempts is reached, CA VM:Secure adds the following rule to the target user’s rules file:

        REJECT userid LINK vaddr (NOTIFY
    

    These rules prevents the requesting user ID from further link attempts on the target user ID ’s virtual address. CA VM:Secure adds the previous rules whether or not the RULEUPDT user exit is implemented.

  • When the maximum number of invalid logon attempts is reached, CA VM:Secure adds the REJECT LOGON rule to the system override rules and the target user ID’s rules. The addition of this rule is subject to the implementation of both the TERMPASS and the USERPASS user exits: addition of the rule to the system override rules requires that the TERMPASS user exit be implemented; addition of the rule to the target user ID requires that the USERPASS user exit be implemented.
  • When the maximum number of invalid DIAL attempts is reached, CA VM:Secure adds the REJECT DIAL rule to the system override rules. The addition of this rule is subject to the implementation of the TERMPASS user exit.