How can a site extract a report where a given user had his password changed?
Release : 16.0
Component : CA ACF2 for z/OS
There are two ways to report on when a user changed their password.
The first method is to LIST the logonid from TSO, ACF or from an ACFBATCH job and check for the PSWD-TOD date which indicates the date and time when a password was last changed.
list usrtest
USRTEST 021 USRTEST USRTEST USER
COMPANY(0) DEPT() IDNUM(1234) LEVEL(1)
PRIVILEGES ACCOUNT ACTIVE(06/12/89) AUDIT CICS DUMPAUTH JOB
ACCESS ACC-CNT(302) ACC-DATE(10/13/20) ACC-SRCE(xxxxxx)
ACC-TIME(08:05)
PASSWORD KERB-VIO(0) KERBCURV() MAXDAYS(366)
PSWA1TOD(09/03/20-12:52) PSWA2TOD(00/00/00-00:00)
PSWD-DAT(00/00/00) PSWD-INV(0) PSWD-SRC(A28LO904)
PSWD-TIM(09:51) PSWD-TOD(09/03/20-12:52) PSWD-VIO(0)
PSWDCVIO(32) PWP-DATE(00/00/00) PWP-VIO(0)
TSO ATTR2(9999) DFT-PFX(USRTEST) DFT-SOUT(A) DFT-SUBM(A)
INTERCOM JCL LGN-ACCT LGN-PROC LGN-SIZE LINE(ATTN) MAIL
MODE MSGID NOTICES PROMPT TSOACCT(0000099) TSOFSCRN
TSOPROC(PROCnnn) TSORGN(4,096) TSOSIZE(4,096) WTP
STATISTICS CRE-TOD(03/26/19-13:06) SEC-VIO(188)
UPD-TOD(10/13/20-11:58)
CICS CICSCL(111111) CICSRSL(999999)
RESTRICTIONS GROUP(DFTGRP) PREFIX(USRTEST)
The second method is to run the ACFRPTSL report and specify the user(logonid) in the MASK field. For example:
//REPORT EXEC PGM=ACFRPTSL
//SYSPRINT DD SYSOUT=*
//SYSIN DD *
TITLE(LIST LID PSWD CHANGE)
INPUT(ACF2)
REPORT(SHORT)
MASK(USRTEST)
SFLDS(PSWD-TOD)
/*
Sample report output:
CA ACF2 - ACFRPTSL - LOGONID SUPERLIST REPORT - PAGE 2
DATE 10/15/20 (20.289) TIME 10.21 LIST LIDS WITH TSOCMDS
LOGONID NAME DATE TIME CHANGER PSWD-TOD
USRTEST USRTEST USER 10/15/20-10:17 10/15/20-10:17