Issue:
I'm having difficulty resetting a user for four (4) invalid logon attempts. There is a journal but it will not allow me to reset it or I'm not understanding the method to reset the number of invalid attempts.
vmsecure journal list
4 TUBES VALIDATE ANNIE
Ready;
vmsecure journal reset TUBES
VMXPWJ0128E No matching journal information found.
Ready(00024);
vmsecure journal reset ANNIE
VMXPWJ0128E No matching journal information found.
Ready(00024);
Resolution:
VM:Secure creates journal entries when it detects a user entering an invalid password. If the number of consecutive invalid attempts exceeds the limit specified on the JOURNAL record in the SECURITY CONFIG file, VM:Secure prevents further attempts until the JOURNAL RESET command is issued.
Your JOURNAL LIST shows:
vmsecure journal list
1 L000B LOGON *
1 L000B LOGONBY *
3 * LOGONBY ANNIE
4 TUBES VALIDATE ANNIE
Ready;
You must clear both the LOGONBY and the VALIDATE as shown here:
VMSECURE JOURNAL RESET * LOGONBY L000B
VMXPWJ1274I Normal completion.
Ready;
VMSECURE JOURNAL RESET TUBES VALIDATE ANNIE
VMXPWJ1274I Normal completion.
Ready;
Additional Information:
The documentation for the VMSECURE JOURNAL command can be accessed at:
https://docops.ca.com/ca-vm-secure-for-z-vm/3-2/with-security-mgmt/en/reference/command-reference/journal-command