On 1/5/2006 1:06 PM, [EMAIL PROTECTED] wrote:
Next question:  If I convert from masking to DES, what effect does that
have on password storage?  Specifically, we have a strong need to be
able to extract the unencrypted password in batch jobs via user exits,
which then puts the password on the jobcard for submission.  Another
exit overlays the password with X's so it does not appear in the job
output.  (I've never seen it done this way, either, and am not in a
position to change this procedure.  It is ubiquitous throughout the
entire batch environment.  And, yes, I have made my objections well
known.)

I know that DES is a better protection mechanism than masking.  If DES
allows extraction of unencrypted passwords, I will advocate a change.
If not, well then I'm just plain stuck with masking until I can build a
new solution.  Your thoughts?

Why do you need to put passwords on submitted jobs? The system has had functions to avoid that for a long time (years, if not decades) now.

When a user submits a local job his identity is inherited automatically, without the need for a password or a user ID specification.

For NJE jobs you can use NODES profiles on the receiving system to indicate your level of trust in the sending system, and again you have the capability of inheriting the originator's ID without needing a password.

Or, for submitting a job under a different ID you can use surrogate processing to say that authenticated user X can submit jobs for user Y without a password.

By the way, your exit for suppressing the password on listings is also superfluous, as JES does that automatically (and has done so, again, for years or possibly decades).

        Walt Farrell, CISSP
        z/OS Security Design, IBM
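
The surrogate processing mentioned in the reply above, as an added example that is not part of the original message: a batch TSO job in which a RACF administrator lets one user submit jobs for another, followed by a job card that then needs no password. USERX, USERY, the job names and the accounting field are placeholders.

```jcl
//* Added example, not from the thread. USERX (submitter), USERY
//* (execution ID), job names and (ACCT) are placeholders.
//* Run by a RACF administrator.
//SURRDEF  JOB (ACCT),'DEFINE SURROGAT',CLASS=A,MSGCLASS=X
//RACF     EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  SETROPTS CLASSACT(SURROGAT) RACLIST(SURROGAT)
  RDEFINE SURROGAT USERY.SUBMIT UACC(NONE) OWNER(USERY)
  PERMIT USERY.SUBMIT CLASS(SURROGAT) ID(USERX) ACCESS(READ)
  SETROPTS RACLIST(SURROGAT) REFRESH
  RLIST SURROGAT USERY.SUBMIT AUTHUSER
/*
//*
//* Job submitted by USERX afterwards: USER= names the execution ID
//* and no PASSWORD= parameter appears on the job card.
//BATCHJOB JOB (ACCT),'RUN AS USERY',CLASS=A,MSGCLASS=X,USER=USERY
//STEP1    EXEC PGM=IEFBR14
```

UACC(NONE) with an explicit PERMIT keeps the list of surrogate submitters auditable, and the RLIST output shows who currently holds READ access to the profile.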

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html