Release : 16.0

Component : CA Top Secret for z/OS

Top Secret does not record on the ACID when the passwords in the history were changed except for the most recent password change for ACIDs with a password expiration interval. To find this, issue TSS LIST(acid) DATA(PASS), then subtract the password interval from the EXPIRES date. However, if an administrator expired the password upon change (via TSS REPL(acid) PASS(xxx,,EXP), this method can not be used because the expires date will be 01/01/80, which indicates the password has been set to expire via the EXP keyword. When a password is changed, the change is stored in the Top Secret recovery file. If the recovery file data is archived when the recovery file wraps, restore the data and run a TSSAUDIT CHANGES STRING(acid) to see the changes for the ACID and then look for when the password was changed for that ACID. (This is a roundabout way, but will give the desired results.)