Symptoms:
When running a TSSAUDIT Changes Report, the changes are listed and the types of changes are then totaled at the bottom. The Password changes do not show in the totals at the end of the report.
INCOMING PARAMETER ===> CHANGES CA(ACIDERK )DATE(-03)

ETRUST CA-TOP SECRET VERSION 12.0 AUDIT UTILITY
----- LISTING OF CHANGES TO SECURITY

CHANGER  DATE     TIME     SYSID TYPE COMMAND/IMAGE
======== ======== ======== ===== ==== ====================================
ACIDERK  10/23/08 07:19:02 DSYS  CMND TSS REP(ACID1115 ) PASS( ?,0) INST( 1234YJ
ACIDERK  10/23/08 07:19:02 DSYS  CMND TSS REP(ACID1116 ) PASS( ?,0) INST( 2234I3
ACIDERK  10/23/08 07:19:02 DSYS  CMND TSS REP(ACID1117 ) PASS( ?,0) INST( 3434B1
ACIDERK  10/23/08 07:19:02 DSYS  CMND TSS REP(ACID1118 ) PASS( ?,0) INST( 1122VC
ACIDERK  10/23/08 07:19:03 DSYS  CMND TSS REP(ACID1119 ) PASS( ?,0) INST( 2222FD
ACIDERK  10/23/08 07:19:03 DSYS  CMND TSS REP(ACID1120 ) PASS( ?,0) INST( 69115B

ETRUST CA-TOP SECRET VERSION 12.0 AUDIT UTILITY
----- LISTING OF CHANGES TO SECURITY
ALL CHANGES WITHIN SCOPE LIST

TSS COMMAND CHANGES = 00006
PASSWORD CHANGES    = 00000   **PASSWORD CHANGES ABOVE NOT COUNTED**
PHRASE CHANGES      = 00000
DYNAMIC UPDATES     = 00000
The Password changes were issued via the replace command. The TSS REPLACE(acid) PASSWORD(...) command is considered a command change and NOT a password change. In order for a password change to be counted in the PASSWORD CHANGES tally at the end of the report, it has to be changed at the time of signon on the signon screen.
The same is true for PHRASE CHANGES. The TSS REPLACE(acid) PHRASE(...) command is considered a command change and NOT a phrase change. In order for a phrase change to be counted in the PHRASE CHANGES tally at the end of the report, it has to be changed at the time of signon on the signon screen.
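Added example (not part of the original article and not CA code): because administrator-issued resets are tallied only under TSS COMMAND CHANGES, a reviewer who wants them counted separately has to read the detail lines. The Python sketch below does that for a saved report; the function names, the sample text and the masked PHRASE( ?,0) form are constructed for illustration, and the column layout is assumed to match the listing above.

```python
import re
from collections import Counter

# Constructed sample in the layout of the report above (PHRASE line is an assumption).
SAMPLE_REPORT = """\
CHANGER  DATE     TIME     SYSID TYPE COMMAND/IMAGE
======== ======== ======== ===== ==== ====================================
ACIDERK  10/23/08 07:19:02 DSYS  CMND TSS REP(ACID1115 ) PASS( ?,0) INST( 1234YJ
ACIDERK  10/23/08 07:19:02 DSYS  CMND TSS REP(ACID1116 ) PASS( ?,0) INST( 2234I3
ACIDERK  10/23/08 07:19:03 DSYS  CMND TSS REPLACE(ACID1117) PHRASE( ?,0)
TSS COMMAND CHANGES = 00003
PASSWORD CHANGES = 00000
PHRASE CHANGES = 00000
"""

DETAIL = re.compile(r"^(?P<changer>\S+)\s+(?P<date>\d\d/\d\d/\d\d)\s+"
                    r"(?P<time>\d\d:\d\d:\d\d)\s+(?P<sysid>\S+)\s+CMND\s+(?P<cmd>TSS\s.*)$")
REPLACE = re.compile(r"TSS\s+REP(?:LACE)?\(\s*(?P<acid>[^)\s]+)\s*\)")
CREDENTIAL = re.compile(r"\b(?P<kind>PASS(?:WORD)?|PHRASE)\(")
TOTAL = re.compile(r"^\s*(?P<label>[A-Z ]+?) CHANGES\s*=\s*(?P<count>\d+)")

def admin_credential_resets(report):
    """Return one record per TSS REPLACE command that sets a password or phrase."""
    resets = []
    for line in report.splitlines():
        m = DETAIL.match(line.strip())
        if not m:
            continue  # headers, separators and totals are not detail lines
        rep, cred = REPLACE.search(m["cmd"]), CREDENTIAL.search(m["cmd"])
        if rep and cred:
            kind = "PHRASE" if cred["kind"] == "PHRASE" else "PASSWORD"
            resets.append({"changer": m["changer"], "date": m["date"], "time": m["time"],
                           "sysid": m["sysid"], "acid": rep["acid"], "kind": kind})
    return resets

def report_totals(report):
    """Read the '<LABEL> CHANGES = nnnnn' tallies printed at the end of the report."""
    totals = {}
    for line in report.splitlines():
        m = TOTAL.match(line)
        if m:
            totals[m["label"].strip()] = int(m["count"])
    return totals

def summarize(report):
    """Pair the admin resets found in the detail lines with the report's own tally."""
    found = Counter(r["kind"] for r in admin_credential_resets(report))
    totals = report_totals(report)
    return {k: {"admin_resets": found[k], "report_tally": totals.get(k, 0)}
            for k in ("PASSWORD", "PHRASE")}

if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
```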