× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. August 2025

Re: usrprf password mystery

Nice! Useful too...

On Tue, Aug 26, 2025 at 12:17 PM Bryan Dietz <bdietz400@xxxxxxxxx> wrote:

as mentioned if you have audit journalling on for security
I use this bit of SQL. Adjust the time as necessary

SELECT Entry_Timestamp, current server as System_name
,Job_Number CONCAT '/' CONCAT RTRIM(Job_User) CONCAT '/' CONCAT
RTRIM(Job_Name) AS Job_Name
,RTRIM(Program_Library) CONCAT '/' CONCAT RTRIM(Program_Name) AS
Program_Name
,RTRIM(CAST(SUBSTR(Entry_Data, 2, 10) AS VARCHAR(10))) AS User_Id
,Remote_Address
,Remote_Port
, CAST(SUBSTR(Entry_Data, 12, 10) AS CHAR(10)) as "device"
,CASE RTRIM(CAST(SUBSTR(Entry_Data, 1, 1) AS CHAR(1)))
WHEN 'A' THEN 'APPC bind failure-(A)'
WHEN 'C' THEN 'User authentication with CHKPWD failed-(C)'
WHEN 'D' THEN 'Service tools user ID name not valid-(D)'
WHEN 'E' THEN 'Service tools user ID password not valid-(E)'
WHEN 'P' THEN 'Password not valid-(P)'
WHEN 'Q' THEN 'User profile is disabled-(Q)'
WHEN 'R' THEN 'User password was expired-(R)'
WHEN 'S' THEN 'SQL Decryption password is not valid-(S)'
WHEN 'U' THEN 'User name not valid-(U)'
WHEN 'X' THEN 'Service tools user ID is disabled-(X)'
WHEN 'Y' THEN 'Service tools user ID not valid-(Y)'
WHEN 'Z' THEN 'Service tools user ID password not valid-(Z)'
else '*UNKNOWN - ' concat
RTRIM(CAST(SUBSTR(Entry_Data, 1, 1) AS CHAR(1)))
END Violation_Type
FROM TABLE (
Qsys2.Display_Journal(
'QSYS','QAUDJRN',
Starting_Receiver_Name => '*CURAVLCHN',
Journal_Entry_Types => 'PW',
Starting_Timestamp => CURRENT TIMESTAMP - 1 days )) I;

*newer one

select current_server server,
AUDIT_USER_NAME,remote_address,eNTRY_TIMESTAMP, VIOLATION_TYPE_DETAIL,
DEVICE_NAME,job_name
from table (
SYSTOOLS.AUDIT_JOURNAL_PW(
STARTING_TIMESTAMP => current timestamp - 6 hours)
) pw
-- where Pw.Audit_User_Name = 'USER_ID'
order by entry_timestamp desc;


Bryan

Jerry Draper wrote on 8/26/2025 1:44 PM:
We have a user who changed password last Friday and now profile is
getting *DISABLED every night at 00:20:00.

The password doesn't expire until 11/25/25.

Enabling the profile allows for signon.

Seems like there is a ghost process that is trying to sign on with the
"old" password.

What could that be.

No WRKJOBSCDE jobs; no FTP; ???

Jerry


--

-- .
Bryan

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.