Tracking The Source of a Bad Password
We had a customer recently who had someone locking out a service account on IBM i. This service account ran their BI dashboard. The question was asked: “how can we find out who did this?”
Using the audit journal, we have the ability to find out where the bad password requests came from. When you narrow down the where, the who becomes much easier to figure out.
If you are auditing your security events (which you should be) then you can do the following steps. You’ll need your QAUDLVL system value to include *AUTFAIL and *SECURITY. If you don’t audit security events, check this IBM technote to start doing so: http://www-01.ibm.com/support/docview.wss?uid=nas8N1014712.