TAA Tools
DSPPWDLMT2      DISPLAY PASSWORD LIMIT 2               TAASEGT

The Display  Password Limit  2 command  uses converted  data from  QHST
and  displays  or  prints  the  conditions  where a  user  profile  has
successfully  signed on  after one  or more  invalid password attempts.
This provides a good  review of authorized users  who may be trying  to
discover a password of another profile.

For example,  a user could know that  he gets 3 tries  to signon before
his  device  and/or profile  is  disabled.   He could  try  a different
profile for the first  2 tries and attempt to  guess the password.   On
the  3rd try  he  would  enter his  own  profile  and password  and  be
successfully signed on.

There are 2 choices for operating on QHST:

  **   If  you are using  the DSPQHST2 tool,  CVTQHST2 must be  used to
       convert QHST.  After CVTQHST2 is used, specify:

             DSPPWDLMT2  LIB(xxx)

  **   If you are not  using DSPQHST2, you must  first use the  CVTQHST
       command to  convert the QHST  log to the  QHSTP file in  a named
       library such as:

             CVTQHST    QHSTFILE(*ALL) QHSTPLIB(xxx)
                           FROMDATE(*TODAY)

       This converts all QHST messages for the current date.

       The DSPPWDLMT2 command may then be used:

             DSPPWDLMT2  LIB(xxx)

The  DSPPWDLMT2 USRPRF  parameter  defaults  to *ALL  meaning  all user
profiles  that have a  password.  Instead  of *ALL, you  may list up to
100 user  profiles which  you consider  security sensitive  and have  a
password.   The system  does not provide  a message in  QHST if  a user
attempts to signon to a user profile that does not have a password.

If  a CPF2234 message (invalid password)  exists, the profile attempted
to be signed onto  is checked against the  list supplied in the  USRPRF
parameter.    If  USRPRF(*ALL)  or  a  match  is  found  and  the  user
subsequently  signs  on  to  a  valid  user  profile, the  signed  onto
profile is listed  along with the  attempts made to  the user  profiles
identified in the USRPRF parameter.

Both type of QHST processing produce similar output.

An option  exists to bypass  the conditions where  the user entered  an
invalid  password (eg  transposed some  characters) and  then correctly
signed  onto  the  same user  profile.    This will  avoid  some normal
amount of clutter in the listing.

Differences with DSPPWDLMT
--------------------------

DSPPWDLMT lists  the  devices  and/or  users that  have  been  disabled
because the QMAXSIGN value has been exceeded.

DSPPWDLMT2 lists  the users who  have successfully signed on  after one
or  more   invalid  password  attempts  for  a  user  profile  that  is
specified in the USRPRF list.

Processing considerations
-------------------------

The DSPPWDLMT2  function  searches  for  the CPF2234  message  ID  that
describes that an  invalid password has been entered.   The information
about the device and user profile are stored in internal arrays.

If  the CPF1397 message appears,  the device has  been disabled (varied
off) and the condition is not noted.

If the  CPF1393 message  appears, the  user profile  has been  disabled
and the condition is not noted.

Both conditions are possible if the QMAXSGNACN system value is '3'.

If a  CPF1124 (job start)  message appears for  the same device  that a
CPF2234 message  was sent for,  the job and user  information is listed
along with the attempted signons.

The  internal entries are  reset following printing  or if the CPF1397,
CPF1393, or CPF1124 message appears.

All  array  entries  are  reset  if  the  CPF0993   message  (start  of
controlling subsystem) appears.

DSPPWDLMT2 escape messages you can monitor for
----------------------------------------------

None.  Escape messages from based on functions will be re-sent.

Command parameters                                    *CMD
------------------

   TYPE          The type of converted QHST file you are using.

                 *QHST should  be entered if  you have used  CVTQHST to
                 create a QHSTP file in a named library.

                 *QHST2  should be  entered if  you have  used CVTQHST2
                 to create a QHST2 file in a named library.

   LIB           The  library  containing  the  QHSTP  file  that   was
                 created  by  CVTQHST  or the  QHST2  file  created  by
                 CVTQHST2.   The  TYPE parameter determines  which file
                 must exist.

   USRPRF        A list of up  to 100 user  profiles that you  consider
                 security sensitive.    *ALL is  the default  and is  a
                 good choice in most situations.

                 If an  invalid password which is attempted  to be used
                 is  in the  list, and  a user  follows by successfully
                 signing  onto  a   profile,  the  condition  will   be
                 listed.

   OPTION        An  option   to  determine  whether   to  include  the
                 conditions   where  the  user   entered  one  or  more
                 invalid  passwords  for  a   user  profile  and   then
                 successfully signed onto the same profile.

                 *ALL is the  default to list all  conditions (none are
                 bypassed).

                 *DIFPRF  may be entered to  list only those conditions
                 where the user  had one  or more  invalid attempts  to
                 signon and then  successfully signed onto  a different
                 user profile.

   FROMDATE      The  date and  time of  the first  QHST message  to be
                 considered.   The default  is *FIRST to  use the first
                 QHST message in the file.

                 The special  value  *CURRENT may  be  entered to  mean
                 today's date.

                 A specific date  may be entered in job  format.  If no
                 date is entered, a date of Jan 1, 1940 is used.

                 A  specific time may be entered  in HHMMSS format.  If
                 no time is entered, a time of 000000 is used.

   TODATE        The  date  and  time  of   the  last  message  to   be
                 considered.  The  default is *LAST to  use the current
                 date and the last message in the file.

                 A specific  date may be entered in  job format.  If no
                 date is entered, the current date is used.

                 A specific time may be  entered in HHMMSS format.   If
                 no time is entered, a time of 235959 is used.

   OUTPUT        How  to output  the  results.   *  is the  default  to
                 display  the spooled  file if  the command  is entered
                 interactively.   The spooled file  is deleted after it
                 is displayed.

                 If the  command  is  entered  in batch  or  *PRINT  is
                 specified,  the spooled file  is output  and retained.

Restrictions
------------

There  is a  limit  of 25  user profile  names that  may be  stored per
device until reset by printing or a successful signon.

There is a  limit of  9999 devices that  may be stored  until reset  by
printing or a successful signon.

Prerequisites
-------------

The following TAA Tools must be on your system:

     CHKOBJ3         Check object 3
     CVTTIM          Convert time
     DSPPWDLMT       Display password limit
     EDTVAR          Edit variable
     RSNLSTMSG       Resend last message
     RTVDAT          Retrieve date
     RTVSYSVAL3      Retrieve system value 3
     SNDCOMPMSG      Send completion message
     SNDESCINF       Send escape information
     SNDESCMSG       Send escape message
     SNDSTSMSG       Send status message

Implementation
--------------

None, the tool is ready to use.

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   DSPPWDLMT2    *CMD                   TAASEGT       QATTCMD
   TAASEGTC      *PGM       CLP         TAASEGTC      QATTCL
   TAASEGTR      *PGM       RPG         TAASEGTR      QATTRPG
   TAASEGTR2     *PGM       RPG         TAASEGTR2     QATTRPG

TAASEGTR reads the QHSTP file from CVTQHST.

TAASEGTR2 reads the QHST2 file from CVTQHST2.
					

Added to TAA Productivity tools January 1, 2007


Home Page Up to Top