It is worth noting that we chose to leave the IBM-supplied accounts like SYSPROG, ACSADMIN, SERVICE in place as they are for this exact reason; however, of the 10 accounts defined, only 2 of us know those passwords.
_________________________________________________________________
Dave Jousma
Assistant Vice President, Mainframe Services
[email protected]
1830 East Paris, Grand Rapids, MI 49546 MD RSCB1G
p 616.653.8429
f 616.653.8497

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Hal Merritt
Sent: Tuesday, April 07, 2009 2:24 PM
To: [email protected]
Subject: Re: HMC and LDAP

Kind of a chicken and egg. How can you IPL if your LDAP server is not responding?

Remember, as is, the MF can shrug off any LAN issues. You have the power to put the operation of the MF at the mercy of the company LAN.

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Corjan Nota
Sent: Tuesday, April 07, 2009 10:44 AM
To: [email protected]
Subject: Re: HMC and LDAP

We are thinking of authenticating operators on our company-wide LDAP server residing on AIX behind a VPN with SSL/TLS. Not my preferred platform, but I can live with it for now and we'll see how things are going. Security management defines all operator userids on the HMC and in the Active Directory. I don't expect operator handling will go much better, but maybe there will be more awareness and ...it's a management decision.

Maybe we can migrate to the LDAP Tivoli Directory Service on z/OS in the near future (not implemented yet), but then we will get specific operator authentication problems if this LDAP system must be IPL-ed.

Whatever we choose: an envelope procedure is always necessary.

Corjan Nota

