ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

When using SSH private/public key authentication, is ACF2 logonid SUSPEND or PSWD-EXP checked?

book

Article ID: 226259

calendar_today

Updated On:

Products

ACF2 - z/OS

Issue/Introduction

When using SSH on z/OS (server) with private/public key authentication rather than a USER/PW, what happens if the userid's PW expires or one cannot use it with a PW due to too many invalid PWs?  Will it still work with SSH and private/public key authentication?

 

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

If using a certificate rather than logonid/password the initACEE processing for signon with a certificate will check the logonid SUSPEND bit but not the PSWD-EXP, PSWD-VIO or PSWD-INV fields.