PW (Password) journal entries

This table provides the format of the PW (Password) journal entries.

Start of changeInformation from this audit journal entry can be queried with the SYSTOOLS.AUDIT_JOURNAL_PW table function: AUDIT_JOURNAL_PWEnd of change

Table 1. PW (Password) journal entries. QASYPWJE/J4/J5 Field Description File
Offset Field Format Description
JE J4 J5
1 1 1     Heading fields common to all entry types. See Standard heading fields for audit journal entries QJORDJE5 Record Format (*TYPE5),Standard heading fields for audit journal entries QJORDJE4 Record Format (*TYPE4), and Standard heading fields for audit journal entries QJORDJE2 Record Format (*TYPE2) for field listing.
156 224 610 Violation Entry Type Char(1) The type of violation
A
APPC bind failure.
C
User authentication with the CHKPWD command failed.
D
Service tools user ID name not valid.
E
Service tools user ID password not valid.
P
Password not valid.
Q
Attempted signon (user authentication) failed because user profile is disabled.
R
Attempted signon (user authentication) failed because password was expired. This audit record might not occur for some user authentication mechanisms. Some authentication mechanisms do not check for expired passwords.
S
SQL Decryption password is not valid.
U
User name not valid.
X
Service tools user ID is disabled.
Y
Service tools user ID not valid.
Z
Service tools user ID password not valid.
157 225 611 User Name Char(10) The job user name or the service tools user ID name.
167 235 621 Device name Char(40) The name of the device or communications device on which the password or user ID was entered. If the entry type is X, Y, or Z, this field will contain the name of the service tool being accessed.
207 275 661 Remote Location Name Char(8) Name of the remote location for the APPC bind.
215 283 669 Local Location Name Char(8) Name of the local location for the APPC bind.
223 291 677 Network ID Char(8) Network ID for the APPC bind.
    6852 Object Name Char(10) The name of the object being decrypted.
    695 Object Library Char(10) The library for the object being decrypted.
    705 Object Type Char(8) The type of object being decrypted.
    713 ASP Name1 Char(10) The name of the ASP device.
    723 ASP Number1 Char(5) The number of the ASP device.
1
If the object is in a library, this is the ASP information for the object's library. If the object is not in a library, this is the ASP information for the object.
2
If the object name is *N and the violation type is S, the user attempted to decrypt data in a host variable.