On Thu, 19 Feb 2009 14:00:00 -0600, Carlos Cordero <[email protected]> wrote:
>Yeah! the application really needs a password (because many people who improperly attempt to >use it knows the userid, so would be access with no restrictions and that is a very dangerous >situation) , PROTECTED attribute had been discarded for this purpose. You can't logon using a PROTECTED user ID, unless you have some very odd application that does not request a password at all, and then tells RACF not to check a password. Normal applications request a password and supply it on the RACROUTE REQUEST=VERIFY, and such a request will fail immediately (without revoking the user ID) if the user specified a PROTECTED user ID. Thus the ID is very well protected (and thus the term PROTECTED). The lack of a password does not allow use of the ID "with no restrictions" as you indicated, and it is probably exactly what you want. -- Walt Farrell, CISSP IBM STSM, z/OS Security Design ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
