Find Last Password Change Date For Top Secret ACIDs

book

Article ID: 194020

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP CA Web Administrator for Top Secret

Issue/Introduction

Is there a way to show last password change date for ACIDs in Top Secret?

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

Top Secret does not record on the ACID when the passwords in the history were changed except for the most recent password change for ACIDs with a password expiration interval. To find this, issue TSS LIST(acid) DATA(PASS), then subtract the password interval from the EXPIRES date. However, if an administrator expired the password upon change (via TSS REPL(acid) PASS(xxx,,EXP), this method can not be used because the expires date will be 01/01/80, which indicates the password has been set to expire via the EXP keyword. When a password is changed, the change is stored in the Top Secret recovery file. If the recovery file data is archived when the recovery file wraps, restore the data and run a TSSAUDIT CHANGES STRING(acid) to see the changes for the ACID and then look for when the password was changed for that ACID. (This is a roundabout way, but will give the desired results.)