Hi, Now, I have not written any RACF exits ever, but a project[1] I am part of has just been open-sourced that solves generating one-time codes from a central server. The way it works on Linux is that when you enter your username in the prompt instead of the classical "Password: " prompt you get a URL. You go to that URL and it does whatever it needs to do to check if you have access to log in as the user you are trying to log in as, on the machine that you are trying to use.
The URL would look something like this: https://auth.mainframe.corp/v1/AYUg8AmJMKdUdIt93LQ-91oNvzoNJjga9OukqY6qm05q0PU=/lpar:ZVMLPAR1/tso/IBMUSER/ The thing you get back can be configured to be whatever length you want, we use 10 characters - but for a mainframe shop that would be shorter I guess. If the auth.mainframe.corp server thinks everything is OK you get this code back and you can paste it in as the login password. That way you can implement 2FA however you want (list of smart-cards, list of finger-prints, etc) and apply custom logic to whom to allow and when. The protocol requires no communication between the system being logged in and the authentication server, which hopefully would make a security review easier. Right now we only have it for Linux but making it for z/OS would definitely be a cool project. [1] https://github.com/google/glome/blob/master/docs/glome-login.md On Tue, Aug 25, 2020 at 8:32 PM Paul Gilmartin <[email protected]> wrote: > > On Tue, 25 Aug 2020 13:08:17 -0500, Mike Schwab wrote: > > >SMTP. Email to [email protected] > >https://www.wikihow.com/Email-to-a-Cell-Phone > > > It may not be so simple. The link above takes me ultimately > to a service selling background information (for a previous > owner of my phone number.) > > But a while ago, I discovered mine by sending an IM to my > email address and scraping the From: address. > > But this seems not to work for the popular Comcast. > > What if someone steals your phone? > > >On Tue, Aug 25, 2020 at 10:42 AM Paul Gilmartin wrote: > >> > >> On Tue, 25 Aug 2020 08:50:34 -0500, Mike Schwab wrote: > >> > >> >Text a six digit number to a list of cell phone numbers? Add the > >> >number to the cell phone number so subtracting the six digit number > >> >gives you the last 6 digits of the person's cell phone number? > >> > > >> Is there an app for that? > > -- gil > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
