Paul Gilmartin wrote:
On Sat, 24 Jan 2009 14:59:56 -0800, Edward Jaffe wrote:
RACF didn't fold the password until recently.
All the more reason, then, that applications should _never_ have
folded passwords. It merely prevented users' employing a
capability present in the underlying system.
No. Failure to fold password on older RACF systems resulted in logon
failure. Folding by the application was mandatory.
Are you saying, then, that RACF entered the password in its
data base as-is, but demanded that it be supplied in upper case
to logon? That sounds like terrible design.
RACF does not save passwords. Rather, it saves signatures derived
mathematically from the userid and password. However, the end result was
the same as if the password "entered" in its data base was in uppercase.
Bottom line. If a RACROUTE VERIFY caller did not fold the password, the
logon would fail.
--
Edward E Jaffe
Phoenix Software International, Inc
5200 W Century Blvd, Suite 800
Los Angeles, CA 90045
310-338-0400 x318
[email protected]
http://www.phoenixsoftware.com/
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
