Logins can fail for any number of reasons. One
of your passwords might have changed, or your account might have expired.
You might be attempting to log in over the network or from a modem
but be unauthorized to do so. “Reasons for Login Failure” summarizes common reasons for login
Table 3-3 Reasons for Login Failure
| Failure Indicator|| Reason|
response from the terminal.
A defective terminal, a terminal that requires a system password,
a terminal that is not powered on, or a communications problem caused
by defective wiring or by a misconfigured or malfunctioning modem.
response from any terminal.
The system is down or overloaded.
response from the terminal when you enter the system password.
The system password changed.
A typing error in your user name or password. The account or
authorized to log in from this source"
Your particular class of login (local, dialup, remote,
interactive, batch, or network) is prohibited.
authorized to log in at this time"
You do not have access to log in during this hour
or this day of the week.
failure" (and no known user failure occurred)
An apparent break-in has been attempted at the terminal
using your user name, and the system has temporarily disabled all
logins at that terminal by your user name.
The following sections describe the reasons for
login failure in more detail.
Using a Terminal That Requires a System Password
You cannot log in if the terminal you attempt
to use requires a system password and you are unaware of the requirement.
All attempts at logging in fail until you enter the system password.
If you know the system password, perform the steps
described in “Entering a System Password”. If your attempts fail, it is possible
that the system password has been changed. Move to a different terminal
that does not require a system password, or request the new system
If you do not know the system password and you
suspect that this is the problem, try logging in at another terminal.
Observing Your Login Class Restrictions
If you attempt a class of login that is prohibited
in your UAF record, your login fails. For example, your security administrator
can restrict you from logging in over the network. If you attempt
a network login, you receive a message stating that you are not authorized
to log in from this source.
Network jobs are not terminated when the allocated
work shift for network jobs is exceeded. This restriction applies
only to new network connections, not to existing ones.
Your security administrator can restrict your
logins to include or exclude any of the following classes: local,
remote, dialup, batch, or network. (For a description of these classes,
see “Logging In Interactively: Local, Dialup, and Remote Logins” and “When the System Logs In for You: Network and Batch Logins”.)
Using an Account Restricted to Certain Days and Times
Another cause of login difficulty is failure to
observe your shift restrictions. A system manager or security administrator
can control access to the system based on the time of day or the day
of the week. These restrictions are imposed on classes of logins.
The security administrator can apply the same work-time restrictions
to all classes of logins or choose to place different restrictions
on different login classes. If you attempt a login during a
time prohibited for that login class, your login fails. The system
notifies you that you are not authorized to log in at this time.
When shift restrictions apply to batch jobs, jobs
you submit that are scheduled to run outside your permitted work times
are not run. The system does not automatically resubmit such jobs
during your next available permitted work time. Similarly, if you
have initiated any kind of job and attempt to run it beyond your permitted
time periods, the job controller aborts the uncompleted job when the
end of your allocated work shift is reached. This job termination
behavior applies to all jobs.
Failing to Enter the Correct Password During a Dialup Login
Your security administrator can control the number
of chances you are given to enter a correct password during a dialup
login before the connection is automatically broken.
If your login fails and you have attempts remaining,
press the Return key and try again. You can do this until you succeed
or reach the limit. If the connection is lost, you can redial the
access line and start again.
The typical reason for limiting the number of
dialup login failures is to discourage unauthorized users attempting
to learn passwords by trial and error. They already have the advantage
of anonymity because of the dialup line. Of course, limiting the number
of tries for each dialup does not necessarily stop this kind of intrusion.
It only requires the would-be perpetrator to redial and start another
Knowing When Break-In Evasion Procedures Are in Effect
If anyone has made a number of failed attempts
to log in at the same terminal with your user name, the system concludes
that an intruder is attempting to gain illegal access to the system
by using your user name.
At the discretion of your security administrator,
break-in evasion measures can be in effect for all users of the system.
The security administrator controls how many password attempts are
allowed over what period of time. Once break-in evasion tactics are
triggered, you cannot log in to the terminal---even with your correct
password---during a defined interval. Your security administrator
can tell you how long you must wait before reattempting the login,
or you can move to another terminal to attempt a login.
If you suspect that break-in evasion is preventing
your login and you have not personally experienced any login failures,
you should contact your security administrator immediately. Together,
you should attempt another login and check the message that reveals
the number of login failures since the last login to confirm or deny
your suspicion of intrusion attempts. (If your system does not normally
display the login message, your security administrator can use the
Authorize utility (AUTHORIZE) to examine the data in your UAF record.)
With prompt action, your security administrator can locate someone
attempting logins at another terminal.