Older releases of Top Secret used to allow for a user's password to be displayed with a simple TSS list command. It required the PWVIEW system option to be turned on, as well as specific authority on the security admin's ACID. This ability to display passwords is (fortunately) no longer available.
As far back as I can recall (RACF 1.7?), RACF has never allowed passwords to be displayed. Tom Chicklon -----Original Message----- Hi all , In my previous shop we add TSS instead of RACF . I remember we had a way to get a user password but I'm not really familiar what was the background process. Is somebody familiar with a method to get a user password when using RACF ? I assume RACF DB is holding the DB in hash base on a one way function , but I'll also expect that TSS will do the same . if it truly so , I'll be interesting on HOW could my previous shop bypass the basic security (maybe using Exit to insert the password to protected dataset before the HASH) I'll expect from a security product to allow only reset of the password and not reviewing of the user password . -- best regards, matan cohen MF System Administrator. This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
