Working with a few user exits to try and capture the condition where a user is suspended during signon. These tests are prototypes at this juncture. Interested in SEVPRE/SEVPOST, but results are confirming this may not be the case.  

Not able to capture the LIDREC record for the TSO id that is being forced a suspension due to password violations ACF01013. The ACVLID contains the id, but all LIDREC addresses are 0 (as documented) and the ACVRECB does not contain the LID record. Message is ‘ACF01013 LOGONID lid SUSPENDED BECAUSE OF PASSWORD VIOLATIONS’.

Release : 16.0

There are two options:

1. To capture the LIDREC record for the TSO id that is being forced a suspension due to password violations ACF01013:
   
   In the SFXP from the SEVPOST Exit there is a word made up of 4 bytes, SXPFLAG1, SXPFLAG2, SXPCMPID, and SXPMSGID showing the following when the id is suspended. x'8800010D'. The signon failed/denied and message supplied bits are on. The x'010D' indicates the message ACF01013 was issued. This is the message that is issued during signon (on the terminal) that reports to the user that the id is suspended because of password violations.
   
   SXPFLAG1 A one-byte flag used to modify or clarify the function being performed by the service function. The following flag values are supported:
   • SXPFFAIL-X'80'. The service function has reached a point in its processing where it fails or denies the caller's request. You can use the message ID (and its associated component ID) to determine the reason for the failure. The exit cannot override this condition; however, you can perform some secondary action (such as changing the message to be issued). You cannot use this field to suppress database update processing. If the exit sets this field, the field is ignored. You can, however, set an invalid (nonzero) return code in R15 to fail the request and suppress the database update processing.
   • SXPFRMSF - X'40'. The service function has modified the database record. Because the preprocessing exit is called before any database I/O, this flag is always zero for this exit. If this flag is not set, the SXPORECA and SXPNRECA fields point to identical record images.
   • SXPPSTKT - X'20'. The password that was passed for this system entry request is a passticket. This indicator is only available in the SEVPOST exit. Because the preprocessing exit is called before the password is processed, this flag is always zero for this exit.
   • SXPFRFDR - X'08'. The SXPRSBA field points to the ACF2 Field Definition Record (ACFFDR) module instead of a standard RSB.
     
     

SXPFLAG2 A one-byte flag used to modify the action of the service function upon return from the exit. The exit might set one of the following flag values:

• • SXPFXMSG-X'80'. The exit has provided a message in the requester's message buffer that the service function should not overwrite. Take care not to suppress relevant information that would typically be returned to the requester in the message buffer. If the exit sets a zero return code in R15, subsequent processing in the service function or a later exit call might override the message. However, if a nonzero return code is set, the service function does not override the message, unless a critical error occurs.
  • SXPFNUPD-X'40'. The update of the database should be suppressed even if the primary function performed is completed successfully (for example, system entry validation). If the primary function is to update the database record, the function will fail when this flag is set.
    
    

SXPCMPID A one-byte field that indicates the component ID responsible for issuing the message identified by the SXPMSGID field. The two hexadecimal digits of this byte are the fourth and fifth characters of the eight-character message ID.

SXPMSGID A one-byte field that indicates the message ID to be returned to the caller from the service function. You can use this message ID to determine the reason for a failure indicated by the SXPFFAIL flag. This message ID is the binary value of the last three digits of the message ID.

2. To capture the LIDREC record for the TSO id that is being forced a suspension due to password violations.
   
   The users LIDREC is not available in SEVPRE, it is passed to  SEVPOST exit.
   
   The System Entry Validation Postprocessing Exit (SEVPOST)lets you inspect and modify a system entry validation (SEV) request after the validation has been performed. 
   
   The ACFSFXP parameter list is passed to SEVPOST; however, because other exits use this parameter list, not all fields relate to SEVPOST. The ACFSFXP parameter list includes the SXPORECA and SXPNRECA fields related to the LIDREC.      
   
   SXPORECA is a four-byte address of the retrieved record from the database, if any, for the service function being performed.
   
   SXPORECL is a four-byte field that indicates the length of the retrieved database record, if any, for the service function being performed.