Password Changes Not Reflected In TSSAUDIT Report Totals
search cancel

Password Changes Not Reflected In TSSAUDIT Report Totals

book

Article ID: 54005

calendar_today

Updated On:

Products

WEB ADMINISTRATOR FOR TOP SECRET Top Secret Top Secret - LDAP Top Secret - VSE

Issue/Introduction

Symptoms:

When running a TSSAUDIT Changes Report the changes are listed and then the type of changes are then totaled at the bottom. The Password changes do not show in the totals at the end of the report.

 INCOMING PARAMETER ===>         CHANGES CA(ACIDERK )DATE(-03)
 ETRUST CA-TOP SECRET VERSION 12.0                           AUDIT UTILITY
+                                                           _____________       
-                                          ----- LISTING OF CHANGES TO SECURITY
-CHANGER    DATE     TIME   SYSID TYPE                      COMMAND/IMAGE
 ======== ======== ======== ===== ==== ====================================
 
 ACIDERK  10/23/08 07:19:02 DSYS  CMND TSS REP(ACID1115 ) PASS( ?,0) INST( 1234YJ
 ACIDERK  10/23/08 07:19:02 DSYS  CMND TSS REP(ACID1116 ) PASS( ?,0) INST( 2234I3
 ACIDERK  10/23/08 07:19:02 DSYS  CMND TSS REP(ACID1117 ) PASS( ?,0) INST( 3434B1
 ACIDERK  10/23/08 07:19:02 DSYS  CMND TSS REP(ACID1118 ) PASS( ?,0) INST( 1122VC
 ACIDERK  10/23/08 07:19:03 DSYS  CMND TSS REP(ACID1119 ) PASS( ?,0) INST( 2222FD
 ACIDERK  10/23/08 07:19:03 DSYS  CMND TSS REP(ACID1120 ) PASS( ?,0) INST( 69115B
 ETRUST CA-TOP SECRET VERSION 12.0                           AUDIT UTILITY       
 
                                        ----- LISTING OF CHANGES TO SECURITY 
 
                                        ALL CHANGES WITHIN SCOPE LIST
                                                                               
                                        TSS COMMAND CHANGES = 00006
                                        PASSWORD CHANGES = 00000       **PASSWORD CHANGES ABOVE NOT COUNTED**
                                        PHRASE CHANGES = 00000
                                        DYNAMIC UPDATES = 00000

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component:

Resolution

The Password changes were issued via the replace command. The TSS REPLACE(acid) PASSWORD(...) command is considered a command change and NOT a password change. In order for a password change to be counted in the PASSWORD CHANGES tally at the end of the report, it has to be changed at the time of signon on the signon screen.

The same is true for PHRASE CHANGES. The TSS REPLACE(acid) PHRASE(...) command is considered a command change and NOT a phrase change. In order for a phrase change to be counted in the PHRASE CHANGES tally at the end of the report, it has to be changed at the time of signon on the signon screen.