Tracing the login details in CICS.

[Bhaskar Virgo]

Hi,

Is there any way to trace the login details in CICS? I mean for a screen if I want to show the last unsuccessful login attempt details once the user logs in successfully in CICS. Can such a thing be done on CICS? Please suggest, I searched but not sure if I used correct serach key words.

[enrico-sorichetti]

login success/failures are tracked by the security manager ( RACF, TopSecret, ACF )
if You have the need to know the security support group will guide You

[POINSOT]

Actove TRACE inside CICSQ with CETR

[POINSOT]

Ups..sorry
Active TRACE inside CICS with TRAN CETR

[Bhaskar Virgo]

Thanks POINSOT. Can we code this like EXEC CICS command in the program?

I have searched on the TRACE and found this link:

https://www.ibm.com/support/knowledgece ... -10-6-3-11 and then went to https://www.ibm.com/support/knowledgece ... .0&lang=en but I could not find an example of using this facility inside a COBOL CICS program. Can we do that?

[enrico-sorichetti]

Describe the business need of it!

[Robert Sample]

CETR interacts with the screen -- if you invoked it from a program you would have to be able to deal with it.
As you have been told, the security product deals with logon details -- and if you can prove the business need to them, I'm sure they will work with you to accomplish your goal.  However, continuing on your own down this path is foolhardy as management could easily see what you are doing as an attempt to bypass site security and this could lead to consequences up to and including employee termination.

[Bhaskar Virgo]

There is a screen which is a used during UAT testing. This screen initially had access only to 3 to 5 IDs but now that has been increased to 15. It is expected to get more users in future, up to 100. For this screen there had been complains about password getting locked. We, on support side, got escalation many time that it is not maintained well while we say that this facility is mis used and user should take care with their login credentials. We wanted to see who is logging in with how many wrong attempts.

[Robert Sample]

We cannot repeat this enough:  TALK TO YOUR SITE SECURITY GROUP!  They may already have a report generated that contains precisely what you want to know, but you won't find out unless you talk to them.  They are the ones with invalid login attempt data, and your attempting to bypass them to find out this on your own could have negative consequences up to and including employee termination. 

[Bhaskar Virgo]

Thanks for the reply Robert and dory if I have written something wrong. I was just trying to answer of the need. We are already in talk with the site support group.

[nicc]

We are already in talk with the site support group.

So why post and not mention this.
Now you will have to post what you discover from your support.

[Robert Sample]

if I have written something wrong. I was just trying to answer of the need.

You haven't written anything wrong, but you persisted in trying to find information we simply CANNOT provide you.  Each site operates differently and has different policies and procedures.  Some sites restrict application programmer access very closely and some sites allow application programmers to do pretty much anything.  Furthermore, sites can use different security packages as enrico  pointed out earlier, and giving you RACF commands when your site runs Top Secret would not help you (not to mention you are not likely to have the authority to execute RACF -- or Top Secret or ACF -- commands).  Generic questions we can answer (and do answer frequently), but when the question starts getting into site-specific information, we have to refer you to the site support group since we don't work for your site and have no idea how the site operates nor what its policies and procedures are.