How to identify users with no password(NOPW) in Top Secret

search cancel

How to identify users with no password(NOPW) in Top Secret

book

Article ID: 33687

calendar_today

Updated On:

Products

Top Secret Top Secret - LDAP

Issue/Introduction

Is there a way to identify acids that have NOPW?

Environment

Release: TOPSEC00200-16-Top Secret-Security
Component:

Resolution

To identify all acids without a password, the MSCA can issue the following TSS command:
TSS LIST(ACIDS) DATA(PASSWORD)
NOTE**The above command should be run in off hours because it is I/O intensive.

To identify a specific acid without a password, the MSCA can issue the following TSS command:
TSS LIST(acid#) DATA(PASSWORD)
Where acid# is the acid to be listed.
The list will show *NOPW* as password, indicating that the acid doesn't have a password.
When the password is blanked out, it means that the acid has a true password.

Example #1:

TSS LIST(acidxx) DATA(PASSWORD) will show:

ACCESSORID = acidxx NAME = REGION ACID

PASSWORD = *NOPW*

TSS0300I LIST FUNCTION SUCCESSFUL

The *NOPW* indicates that the acid does not have a password.

Example #2:

TSS LIST(ACID#) DATA(PASSWORD)

ACCESSORID = ACID# NAME = ACID NAME

PASSWORD =

TSS0300I LIST FUNCTION SUCCESSFUL

The blanked out password indicates the the acid has a password.

You can also run TSSCFILE (must be run by the MSCA) with TSS LIST(ACIDS) DATA(PASSWORD).

The password field will show two different values:
PASSWORD = *NOPW*
PASSWORD =

The *NOPW* means the acid does not have a password.
The blank means that the acid has a password.
You can look at record type 3000 for the password field value and look at those acids that have *NOPW*.

Note: If Top Secret r16 fixes SO10461 and SO10967 are applied, an SCA with the following access:
CASECAUT(TSSCMD.USER.LIST.NOPW) ACCESS(USE)
can also list ACIDs with NOPW.

Feedback

thumb_up Yes

thumb_down No