On Wed, Jan 23, 2013 at 9:14 AM, Ken Hume <[email protected]<mailto:[email protected]>> wrote: >MANY years ago, before we migrated to RACF on MVS, we used a security package >on VSE that was a little "weak". We could actually see the users password. >One morning a programmer, Mike Austin, walked into my office and stated that >he had forgotten his password while on a one day vacation. I had him step out >of my office since he would be able to see >other folks passwords when I >looked for his. I opened the dataset and found his password. It was....... >A >I assume he set it that way so he would not forget it. >Fortunately we went to MVS and RACF shortly after that.
That's quite the memory he had(n't)! Long ago and far away at a University, we publicly stated that if you lost your VM password, we could force a new one but couldn't see your existing one. That was a complete, bald-faced lie: they were in plaintext in the VM directory. My favorite was a student whose password was set to "I LOVE KM". Of course, back then it only used the first token, so his actual password was "I". (No, I don't remember why I noticed this; I wasn't snooping through the directory, they were only students, had nothing of interest!) -- ...phsiii ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
