Re: Passw protection out RACF rules with z/OS resources for userid.

Thu, 19 Feb 2009 13:01:29 -0800 

 

 

I find a simple solution for this ( and checked):  inside Beta 88 panels, an 
option to define a new passowrd for the userid, allows to do not have a 
Pass-Interval, next there is a option  for the password that NO REVOKE, even 
after many attempts; once this has been applied; tested the attempts to acces 
with this user for more than 3 attepmts (actually this is a RACF configuration 
in my installation) and do not revoke the user; at the time to display the 
user; only appears a PASS-INTERVAL: N/A (and NO Protected attribute appears).

 

My question is; with kind of resource or procedure between RACF and Beta88 
allows this functionality?

 

 

Thanks.

 


 
> Date: Thu, 19 Feb 2009 14:13:30 -0600
> From: [email protected]
> Subject: Re: Passw protection out RACF rules with z/OS resources for userid.
> To: [email protected]
> 
> On Thu, 19 Feb 2009 14:00:00 -0600, Carlos Cordero <[email protected]>
> wrote:
> 
> >Yeah! the application really needs a password (because many people who
> improperly attempt to >use it knows the userid, so would be access with no
> restrictions and that is a very dangerous >situation) , PROTECTED attribute
> had been discarded for this purpose.
> 
> You can't logon using a PROTECTED user ID, unless you have some very odd
> application that does not request a password at all, and then tells RACF not
> to check a password. Normal applications request a password and supply it
> on the RACROUTE REQUEST=VERIFY, and such a request will fail immediately
> (without revoking the user ID) if the user specified a PROTECTED user ID.
> 
> Thus the ID is very well protected (and thus the term PROTECTED). The lack
> of a password does not allow use of the ID "with no restrictions" as you
> indicated, and it is probably exactly what you want.
> 
> -- 
> Walt Farrell, CISSP
> IBM STSM, z/OS Security Design
> 
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: GET IBM-MAIN INFO
> Search the archives at http://bama.ua.edu/archives/ibm-main.html

_________________________________________________________________
P.D. Live Search tiene una sorpresa buenísima, chécala aquí.
http://www.ganabuscando.com/Default.aspx
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Reply via email to