Interesting.  I only get prompted once for a password, Ed.  We are at
the latest EC on our HMCs, but we are EC, not BC.  Maybe something is
different.  One thing we did do, however, on the security front, was to
make our HMCs authenticate passwords with our Domain Server via LDAP.
Now the auditors are happy....

_________________________________________________________________
Dave Jousma
Assistant Vice President, Mainframe Services
[email protected]
1830 East Paris, Grand Rapids, MI  49546 MD RSCB1G
p 616.653.8429
f 616.653.8497

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On
Behalf Of Edward Jaffe
Sent: Sunday, December 21, 2008 4:11 AM
To: [email protected]
Subject: Security Breach on System z HMC?

I'm getting used to the "tree view" on our new HMC. However, I've 
discovered one huge PITA I think I'll *never* get used to. :-(

IIRC, there has always been a confirmation prompt for so-called 
"disruptive" tasks. But now, the clever HMC designers in Endicott have 
thrown in a second confirmation box--one that prompts for your password 
_every time_ you confirm a disruptive task! (BTW, this includes basic 
things like IPLing an image that's already down.)

Forcing an operator to type in his/her password over and over is as 
annoying as it is wrong-headed. Passwords are intended to stay secure 
and every password prompt is a potential, but usually necessary, 
exposure. You should never be prompted to type your password more often 
than necessary.

When I logon, my colleagues usually (respectfully) turn their heads as I 
key in my password. But, having to key it in over and over again during 
a session means that, after a while, all of the people interested enough 
to be huddled around the HMC while I perform "neat" (aka disruptive) 
tasks are bound to learn my password!

I've never seen an interface that prompted for my password so often. 
It's driving me nuts! >:o

-- 
Edward E Jaffe
Phoenix Software International, Inc
5200 W Century Blvd, Suite 800
Los Angeles, CA 90045
310-338-0400 x318
[email protected]
http://www.phoenixsoftware.com/
