search cancel

Top Secret TSS7005I messages for incorrect PASSTICKET violation but PTHRESH count never resets

book

Article ID: 211154

calendar_today

Updated On:

Products

Top Secret

Issue/Introduction

Running z/os 2.4 and Top Secret 16 and recently have noticed that some users are receiving TSS7005I messages when submitting jobs indicating a number of violations since last successful logon have occurred.  

The issue is that the PTHRESH number does not seem to  reset to 0 and in some cases just continues to increment.  

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Cause

This issue is seen when a successful non-password signon or passticket signon occurs between invalid password occurrences. That activity resets the password violation count, preventing the user from reaching the PTHRESH threshold and being suspended.

Resolution

Solution SO01265  removed the PTHRESH counter reset for non-password signon and passtickets for Top Secret and ACF2.  Examples of non-password signons are TPX, System attempt MFA, RSA, PIV Card...passtickets. This is currently working as designed. Sustaining Engineering may review this design but no change is planned at this time.