What is the difference between the GSO PSWD options MAXTRY and PASSLMT?

Document ID : KB000025705
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:

I am reviewing the GSO PSWD options MAXTRY and PASSLMT and would like to know the difference between these options and how they interact.

The GSO PSWD options MAXTRY and PASSLMT are both related to password usage but have very different functions. The MAXTRY option is related to the number of invalid passwords attempts that are allowed before your TSO session will be cancelled.

The PASSLMT option is related to the number of invalid password attempts permitted before the LOGONID is "suspended for invalid password attempts".

(Note: the SUSPEND attribute is NOT set in the LOGONID record).

Answer: 

As an example you set MAXTRY(2) and PASSLMT(3) in the GSO PSWD record.

Since the MAXTRY option relates to invalid password attempts during TSO logon, if a user enters two invalid passwords they will have that TSO session cancelled and will need to start the session again if they wish to logon. Taking this example a little further; if the user attempts to logon again and gets another invalid password they will then be prompted one more time for their password. If they get the fourth password attempt incorrect, their LOGONID is set as "suspended due to invalid password attempts" and the TSO session will be cancelled and the user will not be allowed to logon until the PASSWORD violation count is reset by an administrator.

This can be done with the following operator command

F ACF2,RESET(logonid)