Top Secret TSS7005I messages for incorrect PASSTICKET violation but PTHRESH count never resets

book

Article ID: 211154

calendar_today

Updated On:

Products

CA Top Secret

Issue/Introduction

Running z/os 2.4 and Top Secret 16 and recently have noticed that some users are receiving TSS7005I messages when submitting jobs indicating a number of violations since last successful logon have occurred.  

The issue is that the PTHRESH number does not seem to  reset to 0 and in some cases just continues to increment.  

Cause

This issue is seen when a successful non-password signon or passticket signon occurs between invalid password occurrences. That activity resets the password violation count, preventing the user from reaching the PTHRESH threshold and being suspended.

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

Solution SO01265  removed the PTHRESH counter reset for non-password signon and passtickets for Top Secret and ACF2.  Examples of non-password signons are TPX, System attempt MFA, RSA, PIV Card...passtickets. This is currently working as designed. Sustaining Engineering may review this design but no change is planned at this time.