search cancel

An ACID created over a year ago never became inactive and was able to sign on. Why?

book

Article ID: 53977

calendar_today

Updated On:

Products

Cleanup Datacom DATACOM - AD CIS COMMON SERVICES FOR Z/OS 90S SERVICES DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS COMMON PRODUCT SERVICES COMPONENT Common Services CA ECOMETER SERVER COMPONENT FOC EASYTRIEVE REPORT GENERATOR FOR COMMON SERVICES INFOCAI MAINTENANCE IPC UNICENTER JCLCHECK COMMON COMPONENT Mainframe VM Product Manager CHORUS SOFTWARE MANAGER CA ON DEMAND PORTAL CA Service Desk Manager - Unified Self Service PAM CLIENT FOR LINUX ON MAINFRAME MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME GRAPHICAL MANAGEMENT INTERFACE WEB ADMINISTRATOR FOR TOP SECRET Xpertware Top Secret Top Secret - LDAP Top Secret - VSE

Issue/Introduction

Question:

An acid created with PASS(xxxxxx,,EXP) is able to sign on for the first time over a year after being created. INACTIVE(30) is set in the parmfile.

Answer:

It doesn't matter in this scenario what the INACTIVE parameter is set to. The counter does not start until the acid signs on and becomes active and the password expires. After signing on and changing the password, the acid would then have to be inactive for 30 days after the password has expired. At this point access will be denied and the acid will become suspended.
Also note that an acid does not become suspended until a sign on is attempted. There must be a check against the acid to determine that it has been inactive for too long.

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component: