PMDF POP and IMAP Servers Update of SYSUAF Records
The following question frequently arises concerning updates to the SYSUAF file by PMDF POP and IMAP servers.
The following question frequently arises concerning updates to the SYSUAF file by PMDF POP and IMAP servers.
Is there any way in PMDF to stop the system uaf record modification audit event from happening when a pop3 (or imap) user checks his/her mail? The system manager wants to audit uaf record modification, but with quite a few pop3 users checking their mail frequently, we're getting inundated with them.As of V5.1, PMDF is using SYS$SETUAI to update user fields in the SYSUAF such as failed login attempts and time of last login; SYS$SETUAI does not allow control as to whether or not updates to the SYSUAF file are audited. Your site has enabled audit alarms whenever the SYSUAF is updated, so you're getting these messages. (Note that LOGINOUT.EXE uses internal DEC routines to update the SYSUAF without generating auditable events; DEC does not support the use of those routines by third parties.)
You can disable the auditing of such events with the DCL command
$ SET AUDIT/ALARM/DISABLE=AUTHORIZATION
Or if you want the auditing of such events to continue but not see the OPCOM broadcasts, you can issue a
$ REPLY/DISABLE=SECURITY
command.
Or, though it's probably not a good idea to do so, if you are willing to
NOT update the SYSUAF on successful POP logins, then there's an option to
have PMDF not update the SYSUAF by setting
UPDATE_LOGIN_TIME=0
in the PMDF_TABLE:POP3D.CNF file for POP3 or in the PMDF_TABLE:IMAPD.CNF file for IMAP.
Home > Support > Tech Tips > PMDF > Technical Notes
