Unlock the userid and reset the password. -----Original Message----- From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of William Boyer Sent: Thursday, February 27, 2020 1:06 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: SERVAUTH (RACF CLASS) profile causing a looping CPU
[CAUTION: This Email is from outside the Organization. Do not click links or open attachments unless you trust the sender.] We have defined SERVAUTH profiles EZB.NETACCESS.x.x.x and made the appropriate entries in SYS1.TCPPARMS (PROFILE) NETACCESS. (Our client requires that we follow the DISA STIG which requires these profiles to be setup.) Everything was working as designed until... One of our employees was attempting to transfer, using NDM aka Connect:Direct, several datasets from a client site to our site and they typed their password incorrectly. Apparently he typed it wrong three times and that revoked his userid. But the other datasets the client NDM had on their queue tried to initiate the TCP/IP connection. The SERVAUTH profile was checked and RACF returned a NOT AUTHORIZED because he was a revoked user which broke the TCP/IP connection. The originating NDM only saw the connection drop so it tried to reconnect: 7,460 times in around 27 minutes. Apparently this much TCP/IP traffic was enough to cause other things to fail. I was able to stop our NDM from the operator console but could not get logged on to TSO. Question. Any ideas on how to stop this kind of looping? (Removing NETACCESS is not an option.) While this was unintentional it seems by enabling the SERVAUTH TCP/IP NETACCESS we now have easy way for someone to institute a denial of service. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ::DISCLAIMER:: ________________________________ The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any email and/or attachments, please check them for viruses and other defects. ________________________________ ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN