search cancel

Top Secret TSS7005I messages for incorrect PASSTICKET violation but PTHRESH count never resets


Article ID: 211154


Updated On:


Top Secret


Running z/os 2.4 and Top Secret 16 and recently have noticed that some users are receiving TSS7005I messages when submitting jobs indicating a number of violations since last successful logon have occurred.  

The issue is that the PTHRESH number does not seem to  reset to 0 and in some cases just continues to increment.  


Release : 16.0

Component : CA Top Secret for z/OS


This issue is seen when a successful non-password signon or passticket signon occurs between invalid password occurrences. That activity resets the password violation count, preventing the user from reaching the PTHRESH threshold and being suspended.


Solution SO01265  removed the PTHRESH counter reset for non-password signon and passtickets for Top Secret and ACF2.  Examples of non-password signons are TPX, System attempt MFA, RSA, PIV Card...passtickets. This is currently working as designed. Sustaining Engineering may review this design but no change is planned at this time.