Suppress signon failure message?

Document ID : KB000015313
Last Modified Date : 14/02/2018
Introduction:

Client would like to suppress the signon failure error messages.

Question:

We are looking to use the PASSWORDPREPROMPT setting in the TSO LOGON parmlib member in order to shield username information from unauthorized parties. When the option is enabled, we're still seeing the TSS7101E message indicating an invalid password, which, by deduction, indicates a valid username. Given that the PASSWORDPREPROMPT option is designed specifically to result in ambiguous information concerning valid and invalid usernames, we believe that the TSS7101E should not be displayed when it is enabled.

Answer:

You can use the MSG control option.
For example:
MSG(7101,SUPPRESS)

Any CA Top Secret message from 7000-7999 can be suppressed by using the CA Top Secret "MSG" control option.

Each "MSG" control option statement should be on a different line.

Example:

To suppress messages TSS7000I and TSS7001I, the following entries would be added to the CA Top Secret Parameter File:

MSG(7000,SUPPRESS)
MSG(7001,SUPPRESS)

https://docops.ca.com/ca-top-secret-for-z-os/16-0/en/using/specifying-control-options-to-modify-your-security-environment/msgcontrol-violation-message-characteristics

Also note that in CA Top Secret 16.0, after PTF RO88415, the GENSMSG control option was added. It provides support for generic signon messages that do not display the user ID or the type of error in messages issued before the password is validated.

Once CA Top Secret has been started with GENSMSG(YES), it issues a generic message for all errors that occur during signon. The following message appears:

TSS7099E Signon Credentials Invalid

It is documented at the following link:

https://docops.ca.com/ca-top-secret-for-z-os/16-0/en/using/specifying-control-options-to-modify-your-security-environment/gensmsgproduce-a-generic-signon-error-message
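
The following is an added example, not CA's code: a small Python check that reads the text of a CA Top Secret parameter file and reports which 7000-7999 messages are suppressed with MSG, whether GENSMSG(YES) is set, and lines that break the one-statement-per-line rule. The function name, the treatment of lines starting with `*` as comments, and the sample input are assumptions made for illustration.

```python
import re

# Matches one control option statement such as MSG(7101,SUPPRESS) or GENSMSG(YES).
STATEMENT = re.compile(r"([A-Z]+)\(([^()]*)\)")

# Constructed sample input, not a real parameter file.
SAMPLE = """\
* signon message handling
MSG(7000,SUPPRESS)
MSG(7001,SUPPRESS) MSG(7101,SUPPRESS)
MSG(8100,SUPPRESS)
"""

def audit_signon_messages(param_text):
    """Return suppressed message numbers, GENSMSG state and findings."""
    suppressed, findings, gensmsg = set(), [], False
    for lineno, raw in enumerate(param_text.splitlines(), 1):
        line = raw.strip().upper()
        if not line or line.startswith("*"):  # assumption: '*' starts a comment
            continue
        stmts = STATEMENT.findall(line)
        if sum(1 for name, _ in stmts if name == "MSG") > 1:
            # Each MSG statement should be on its own line: flag the line and
            # conservatively count none of its suppressions as effective.
            findings.append(f"line {lineno}: more than one MSG statement")
            continue
        for name, args in stmts:
            parts = [p.strip() for p in args.split(",")]
            if name == "GENSMSG":
                gensmsg = parts == ["YES"]
            elif name == "MSG" and "SUPPRESS" in parts[1:]:
                if parts[0].isdigit() and 7000 <= int(parts[0]) <= 7999:
                    suppressed.add(int(parts[0]))
                else:
                    findings.append(f"line {lineno}: {parts[0]} outside 7000-7999")
    if 7101 not in suppressed and not gensmsg:
        findings.append("no effective MSG(7101,SUPPRESS) or GENSMSG(YES) found")
    return {"suppressed": sorted(suppressed), "gensmsg": gensmsg,
            "findings": findings}

if __name__ == "__main__":
    report = audit_signon_messages(SAMPLE)
    print("suppressed:", report["suppressed"], "GENSMSG(YES):", report["gensmsg"])
    for finding in report["findings"]:
        print("finding:", finding)
```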