Do you actually have to have someone log on, or do you just need an ID for 
each console, so that secured commands work and you can audit where they 
came from? 

We used the DEFAULT LOGON(AUTO) so that each console logs on with a user 
ID equal to the console name. We did this for the reasons you stated - we 
figured the operators would log on once, anyway, and never log off. Even 
if they do log on and off, they will probably share IDs and passwords - 
anything to "get the job done". So, the closest we could come to 
identifying the operator(s) that issued particular commands would be to 
know which console issued it, and what operators were in that physical 
area at the time (via door lock logs or whatever). 

The IDs are defined as "protected" in RACF so no one can log on with them 
via the usual methods. They are also in a RACF group (imaginatively named 
OPCONSOL) so we can, if we wish, grant access to all the consoles at once.

I didn't see a timeout value in the Quick-reference summary of the 
Init&Tuning info - but suspect that operators would find a way to keep the 
ID active by issuing meaningless commands once in a while. 

 
Tim Hare
Senior Systems Programmer
Florida Department of Transportation
(850) 414-4209

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html