I seem to remember the verify processing bumping up the password fail count and revoking the id without any additional logic - even returning codes indicating those issues. But it's probably been 20 years since I coded such things, and those brain cells have long since been loaded with other data. I shouldn't have watched so many Simpsons episodes.

On 1/8/2021 10:12 PM, Brian Westerman wrote:
I think if you were just going to take the password and verify that it was correct (or 
not), that shouldn't be a big issue.  Although there should be some way to keep the user 
from using it to "guess" other people's passwords.  Maybe a limit on tries, or 
a way to inform someone that they tried it more than once in a certain period of time.

With some restrictions, I think that just issuing the RACROUTE request=verify, 
would be okay.  There should probably be some mechanism to revoke the ID if 
there are too many guesses though.

Brian


On Fri, 8 Jan 2021 21:02:50 +0000, Jousma, David <[email protected]> wrote:

Sam,

I'm curious as to the usage scenario?   This almost sounds like a security 
problem?  So you take a user's password input, go ask SAF if correct?  Sounds 
like a man-in-the-middle situation?

_____________________________________________________________________________________________________
Dave Jousma
AVP | Director, Technology Engineering

Fifth Third Bank  |  1830 East Paris Ave, SE  |  MD RSCB2H  |  Grand Rapids, MI 
49546
616.653.8429  |  fax: 616.653.2717


-----Original Message-----
From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Sam 
Golob
Sent: Friday, January 8, 2021 12:19 PM
To: [email protected]
Subject: Code to verify LOGON password

Dear Folks,

     Does anyone have user-written code for RACF, so that if the user types in 
a password, the code will verify if it is the user's actual LOGON password?

     I'd like to see code that does this, for ACF2 and Top Secret as well, but 
I'm primarily interested in RACF.

     Thank you very much.  All the best of everything to all of you.

Sincerely,     Sam


----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
[email protected] with the message: INFO IBM-MAIN

