ACF2

How can we get list of user Logon IDs whose password is about to expire.

Hi Shrishti,
 
  There is no easy way to do that.  ACF2 does the math at logon time comparing the last time the password was changed against the MAXDAYS value for the user.  But MAXDAYS can be set with the GSO PSWD record, can be in the users logonid record for the individual, or could be with LIDZMAX which means they never expire.  So you would need to write a program to do this in the same way the ACF2 code calculates what to do.
Original Message:
Sent: 08-12-2019 01:42 PM
From: Shrishti Kala
Subject: How can we get list of user Logon IDs whose password is about to expire.

How can we get list of user Logon IDs whose password is about to expire.

Thank you for your reply Ken.
What I'm trying to achieve: Individual user logon IDs whose password is about to expire(I don't want to get service accounts).
What I'm using is ACFRPTSL report and below is the query that I have written:

IF((PSWD-TOD < D'05/25/19') AND (PSWA1TOD < D'05/25/19') AND- 
(PSWA2TOD < D'05/25/19') AND (PSWD-TOD \= D'00/00/00') AND- 
(PSWA1TOD \= D'00/00/00') AND (PSWA2TOD \= D'00/00/00')) 

However this query returns following error:
ACF5D003 OPERATOR EXPECTED NEAR 'PSWD-TOD \=' 

What am I missing?

Regards,
Shrishti

_________________________

Hi Shrishti,
 
  What is \=  ?  I am not familiar with that.  Are you trying to use a Not Equal?  I would just use NE

Precedence	Character	Symbol	Meaning
1.	NOT		Not
2.	OR	|	Or
3.	AND	& or ,	And
4.a.	EQ	=	Equal
4.b.	NE	=	Not equal
4.c.	LE	<=	Less than or equal to
4.d.	GE	>=	Greater than or equal to
4.e.	LT	<	Less than
4.f.	GT	>	Greater than
5.		-	Designates negative value
6.a.		*	Multiply
6.b.		/	Divide
7.a.		+	Add
7.b.		-	Subtract
8.		||	Concatenated to (that is, used between field names, in sequence, to show concatenation of fields). Since UID is not an actual field in the logonid record and cannot be referenced directly, this can be used to build a UID.

Original Message:
Sent: 08-13-2019 08:37 AM
From: Kenneth Suchomel
Subject: How can we get list of user Logon IDs whose password is about to expire.

Hi Shrishti,
 
  There is no easy way to do that.  ACF2 does the math at logon time comparing the last time the password was changed against the MAXDAYS value for the user.  But MAXDAYS can be set with the GSO PSWD record, can be in the users logonid record for the individual, or could be with LIDZMAX which means they never expire.  So you would need to write a program to do this in the same way the ACF2 code calculates what to do.
Original Message:
Sent: 08-12-2019 01:42 PM
From: Shrishti Kala
Subject: How can we get list of user Logon IDs whose password is about to expire.

How can we get list of user Logon IDs whose password is about to expire.

Hello Ken,
I updated my query to this:

000400 //SYSIN DD * 
000600 REPORT(SHORT) 
000610 DTCFIELD(NO) 
000700 INPUT(ACF2) 
000900 SFLDS(PSWD-TOD, MAXDAYS, TSO) 
000910 IF(PSWD-TOD GE D'05/01/19' AND PSWD-TOD LT D'05/31/19') 
001000 /* 

I do have one question though. Why is it that MAXDAYS is appearing as 0 for all IDs?  And all these are user Logon IDs not service accounts.
________________________
 
Hi Shrishti,
 
   You probably have MAXDAYS set in the GSO records.

TSO ACF
SET CONTROL(GSO)
LIST PSWD

What do you have for PSWDMAX?  That value is used for users that do not have MAXDAYS and the LIDZMAX flag set on their personal logonid record.

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/security/ca-acf2-for-z-os/16-0/administrating/administer-records/global-system-option-records-gso/password-maintenance-and-support-pswd.html

Ken
Original Message:
Sent: 08-12-2019 01:42 PM
From: Shrishti Kala
Subject: How can we get list of user Logon IDs whose password is about to expire.

How can we get list of user Logon IDs whose password is about to expire.