I think if you were just going to take the password and verify that it was correct (or not), that shouldn't be a big issue. Although there should be some way to keep the user from using it to "guess" other people's passwords. Maybe a limit on tries, or a way to inform someone that they tried it more than once in a certain period of time.
With some restrictions, I think that just issuing the RACROUTE request=verify would be okay. There should probably be some mechanism to revoke the ID if there are too many guesses though.

Brian

On Fri, 8 Jan 2021 21:02:50 +0000, Jousma, David <[email protected]> wrote:

>Sam,
>
>I'm curious as to the usage scenario? This almost sounds like a security problem? So you take a user's password input, go ask SAF if correct? Sounds like a man-in-the-middle situation?
>
>Dave Jousma
>AVP | Director, Technology Engineering
>
>Fifth Third Bank | 1830 East Paris Ave, SE | MD RSCB2H | Grand Rapids, MI 49546
>616.653.8429 | fax: 616.653.2717
>
>-----Original Message-----
>From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Sam Golob
>Sent: Friday, January 8, 2021 12:19 PM
>To: [email protected]
>Subject: Code to verify LOGON password
>
>Dear Folks,
>
>    Does anyone have user-written code for RACF, so that if the user types in a password, the code will verify if it is the user's actual LOGON password?
>
>    I'd like to see code that does this, for ACF2 and Top Secret as well, but I'm primarily interested in RACF.
>
>    Thank you very much. All the best of everything to all of you.
>
>Sincerely, Sam
>
>----------------------------------------------------------------------
>For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
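An added example, not code from anyone in this thread: a sketch of the safeguards discussed above, namely a limit on failed tries per target ID within a period of time, a notification when someone fails more than once in that period, and revocation after too many guesses. `VerifyGuard`, its parameters and return values, and the `verify` callback standing in for the actual SAF password check are all hypothetical names.

```python
import time
from collections import defaultdict, deque


class VerifyGuard:
    """Wrap a password check so it cannot be used as an unlimited guessing oracle."""

    def __init__(self, verify, max_failures=3, window=300.0,
                 notify=print, clock=time.monotonic):
        self.verify = verify              # assumption: callable(user_id, password) -> bool
        self.max_failures = max_failures  # failures inside the window that trigger revocation
        self.window = window              # length of the counting period, in seconds
        self.notify = notify              # where alerts go (operator console, audit log, ...)
        self.clock = clock
        self.failures = defaultdict(deque)  # target user_id -> timestamps of recent failures
        self.revoked = set()

    def check(self, caller, user_id, password):
        """Return 'ok', 'bad' or 'revoked' for one verification request."""
        if user_id in self.revoked:
            # Refuse before the verifier runs, so a revoked ID leaks nothing further.
            return "revoked"
        now = self.clock()
        recent = self.failures[user_id]
        while recent and now - recent[0] > self.window:
            recent.popleft()              # forget failures older than the window
        if self.verify(user_id, password):
            recent.clear()
            return "ok"
        recent.append(now)
        if len(recent) >= self.max_failures:
            self.revoked.add(user_id)
            self.notify(f"{user_id} revoked: {len(recent)} bad passwords, last from {caller}")
            return "revoked"
        if len(recent) > 1:
            self.notify(f"{caller} failed {len(recent)} times against {user_id}")
        return "bad"


if __name__ == "__main__":
    # Constructed sample: a fake verifier that accepts one fixed password.
    guard = VerifyGuard(lambda user, pw: pw == "s3cret")
    for guess in ("aaa", "bbb", "ccc", "s3cret"):
        print(guess, "->", guard.check("USERA", "USERB", guess))
```

Failures are counted against the target ID rather than the caller, so spreading guesses across several callers does not get around the limit.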
