Password Changes do not reflect in the TSSAUDIT Report Totals

Document ID : KB000054005
Last Modified Date : 14/05/2018
Show Technical Document Details
Introduction:

Symptoms:

When running a TSSAUDIT Changes Report the changes are listed and then the type of changes are then totaled at the bottom. The Password changes do not show in the totals at the end of the report.

 INCOMING PARAMETER ===>         CHANGES CA(ACIDERK )DATE(-03)
 ETRUST CA-TOP SECRET VERSION 12.0                           AUDIT UTILITY
+                                                           _____________       
-                                          ----- LISTING OF CHANGES TO SECURITY
-CHANGER    DATE     TIME   SYSID TYPE                      COMMAND/IMAGE
 ======== ======== ======== ===== ==== ====================================
 
 ACIDERK  10/23/08 07:19:02 DSYS  CMND TSS REP(ACID1115 ) PASS( ?,0) INST( 1234YJ
 ACIDERK  10/23/08 07:19:02 DSYS  CMND TSS REP(ACID1116 ) PASS( ?,0) INST( 2234I3
 ACIDERK  10/23/08 07:19:02 DSYS  CMND TSS REP(ACID1117 ) PASS( ?,0) INST( 3434B1
 ACIDERK  10/23/08 07:19:02 DSYS  CMND TSS REP(ACID1118 ) PASS( ?,0) INST( 1122VC
 ACIDERK  10/23/08 07:19:03 DSYS  CMND TSS REP(ACID1119 ) PASS( ?,0) INST( 2222FD
 ACIDERK  10/23/08 07:19:03 DSYS  CMND TSS REP(ACID1120 ) PASS( ?,0) INST( 69115B
 ETRUST CA-TOP SECRET VERSION 12.0                           AUDIT UTILITY       
 
                                        ----- LISTING OF CHANGES TO SECURITY 
 
                                        ALL CHANGES WITHIN SCOPE LIST
                                                                               
                                        TSS COMMAND CHANGES = 00006
                                        PASSWORD CHANGES = 00000       **PASSWORD CHANGES ABOVE NOT COUNTED**
                                        PHRASE CHANGES = 00000
                                        DYNAMIC UPDATES = 00000

Resolution:

The Password changes were issued via the replace command. The TSS REPLACE(acid) PASSWORD(...) command is considered a command change and NOT a password change. In order for a password change to be counted in the PASSWORD CHANGES tally at the end of the report, it has to be changed at the time of signon on the signon screen.

The same is true for PHRASE CHANGES. The TSS REPLACE(acid) PHRASE(...) command is considered a command change and NOT a phrase change. In order for a phrase change to be counted in the PHRASE CHANGES tally at the end of the report, it has to be changed at the time of signon on the signon screen.

Instructions:
Please Update This Required Field