> -----Original Message-----
> From: IBM Mainframe Discussion List On Behalf Of Rick Fochtman
>
> ---------------------------<snip>---------------------------
> One of my favorite requests was for a vendor doing a
> conversion. He wanted all the passwords for user accounts in
> RACF. After being told three times that it was encrypted and
> not obtainable he went away muttering.
> ---------------------------<unsnip>-----------------------
> I would have sent his bleeding body back to the vendor in a
> garbage bag, with a demand for someone who knew what he was
> doing. Asking for passwords is ludicrous and he should have
> learned that early in his training (if he had any!) And if
> the vendor can't make the cut-over without breaching
> security, then it's time to find a new vendor!
You could also have said (truthfully) that RACF doesn't store passwords.
As documented in the SecAdmin Guide, RACF uses the tendered password as
a key to one-way encrypt the userID, and stores the encrypted userID.
Thus, it is (remotely) possible that a given userID could have more than
one valid password at a given time.
-jc-
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
