Is there an ACF2 report on users that shows who is using password or password phrase to login?
Article ID: 142809
Updated On:
Products
Issue/Introduction
ACF2 cuts SMF records for many events. Is there a way to track users who is using password or password phrase at the time of LOGON in ACF2 ?
Environment
Release : 16.0
Component : CA ACF2 for z/OS
Resolution
ACF2 had an enhancement added in 2019 with fix SO07040. With this enhancement, parameter LOGON can be used in the ACFRPTLL report.
//jobcard
//LLREPORT EXEC PGM=ACFRPTLL,REGION=0M
//*
//RECMAN1 DD DISP=SHR,DSN=your SMF dataset name
//*
//SYSPRINT DD SYSOUT=*
//SYSUDUMP DD SYSOUT=*
//SYSIN DD *,DCB=BLKSIZE=80
TITLE(LOGON ACTIVITY)
LOGON
/*
//
Output will look like this:
DATE TIME LOGONID JOBNAME CHANGER CHANGE CPU USING
20.115 04/24 09.23 USER1 jobname LOGON sys1 PHRASE
20.115 04/24 09.23 USER2 jobname LOGON sys1 PASSWORD
If the PTF is not applied, refer to Article Id: 26487 for information on tracking a logon event.
ACF2 does not cut an SMF record for a LOGOFF event. Use product COMPLIANCE EVENT MANAGER for tracking events like that.
Additional Information
PTF #: SO07040
Product: ACF2MS Release: 16.0
ENHANCEMENT DESCRIPTION:
Two new parms are being added to the LL Report:
LOGON|NOLOGON - Default NOLOGON
LGNTYPE(logontype)
LOGON|NOLOGON indicates whether or not the report should be based
on performing an UPDATE report displaying the method used for the
system entry. SUMMARY format will be forced when LOGON is specified.
LGNTYPE(logontype) is optional and allows the user to restrict the
report to a specific type of system entry. LGNTYPE options are:
AAM
KERBEROS
MFA
NOPASSWD
PASS-TKT
PASSWORD
PHRASE
PIV-CAC
RADIUS
Feedback
