search cancel

ACF2 Password Change Report for a logonid changes their password?

book

Article ID: 201547

calendar_today

Updated On:

Products

ACF2 ACF2 - z/OS ACF2 - MISC

Issue/Introduction

How can a site extract a report where a given user had his password changed?

 

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

There are two ways to report on when a user changed their password.

The first method is to LIST the logonid from TSO, ACF or from an ACFBATCH job and check for the PSWD-TOD date which indicates the date and time when a password was last changed.

list usrtest                                                                   

  USRTEST              021          USRTEST  USRTEST USER
                       COMPANY(0) DEPT() IDNUM(1234) LEVEL(1)
  PRIVILEGES           ACCOUNT ACTIVE(06/12/89) AUDIT CICS DUMPAUTH JOB 
  ACCESS               ACC-CNT(302) ACC-DATE(10/13/20) ACC-SRCE(Z99LO999)     
                       ACC-TIME(08:05)                                         
  PASSWORD             KERB-VIO(0) KERBCURV() MAXDAYS(366)                     
                       PSWA1TOD(09/03/20-12:52) PSWA2TOD(00/00/00-00:00)       
                       PSWD-DAT(00/00/00) PSWD-INV(0) PSWD-SRC(A28LO904)       
                       PSWD-TIM(09:51) PSWD-TOD(09/03/20-12:52) PSWD-VIO(0)    
                       PSWDCVIO(32) PWP-DATE(00/00/00) PWP-VIO(0)             
  TSO                  ATTR2(9999) DFT-PFX(USRTEST) DFT-SOUT(A) DFT-SUBM(A)    
                       INTERCOM JCL LGN-ACCT LGN-PROC LGN-SIZE LINE(ATTN) MAIL
                       MODE MSGID NOTICES PROMPT TSOACCT(0000099) TSOFSCRN     
                       TSOPROC(PROC999) TSORGN(4,096) TSOSIZE(4,096) WTP       
  STATISTICS           CRE-TOD(03/26/19-13:06) SEC-VIO(188)                    
                       UPD-TOD(10/13/20-11:58)                                 
  CICS                 CICSCL(111111) CICSRSL(999999)                          
  RESTRICTIONS           GROUP(DFTGRP) PREFIX(USRTEST)  

The second method is to run the ACFRPTSL report and specify the user(logonid) in the MASK field. For example:

//REPORT  EXEC PGM=ACFRPTSL    
//SYSPRINT DD SYSOUT=*         
//SYSIN    DD *                
 TITLE(LIST LID PSWD CHANGE) 
 INPUT(ACF2)                   
 REPORT(SHORT)                 
 MASK(USRTEST)                 
 SFLDS(PSWD-TOD)               
/*               

Sample report output:              

CA ACF2 - ACFRPTSL - LOGONID SUPERLIST REPORT -                 PAGE    2
DATE 10/15/20 (20.289) TIME 10.21 LIST LIDS WITH TSOCMDS                 
    LOGONID  NAME                  DATE   TIME   CHANGER  PSWD-TOD                                            

    USRTEST  USRTEST USER         10/15/20-10:17          10/15/20-10:17