If the question relates to CICS, you can use the VERIFY PASSWORD exec interface call.
*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux and IBM I **| * *|* *Email**: [email protected] **|* *Mob**: +972 522 986404 **|* *Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il **|* On Sat, Jan 9, 2021 at 9:46 AM Tom Brennan <[email protected]> wrote: > I seem to remember the verify processing bumping up the password fail > count and revoking the id without any additional logic - even returning > codes indicating those issues. But it's probably been 20 years since I > coded such things, and those brain cells have long since been loaded > with other data. I shouldn't have watched so many Simpsons episodes. > > On 1/8/2021 10:12 PM, Brian Westerman wrote: > > I think if you were just going to take the password and verify that it > was correct (or not), that shouldn't be a big issue. Although there should > be some way to keep the user from using it to "guess" other people's > passwords. Maybe a limit on tries, or a way to inform someone that they > tried it more than once in a certain period of time. > > > > With some restrictions, I think that just issuing the RACROUT > request=verify, would be okay. There should probably be some mechanism to > revoke the ID if there are two many guesses though. > > > > Brian > > > > > > On Fri, 8 Jan 2021 21:02:50 +0000, Jousma, David <[email protected]> > wrote: > > > >> Sam, > >> > >> I'm curious as to the usage scenario? This almost sounds like a > security problem? So you take a users password input, go ask SAF if > correct? Sounds like a man-in-the-middle situation? > >> > >> > _____________________________________________________________________________________________________ > >> Dave Jousma > >> AVP | Director, Technology Engineering > >> > >> Fifth Third Bank | 1830 East Paris Ave, SE | MD RSCB2H | Grand > Rapids, MI 49546 > >> 616.653.8429 | fax: 616.653.2717 > >> > >> > >> -----Original Message----- > >> From: IBM Mainframe Discussion List <[email protected]> On > Behalf Of Sam Golob > >> Sent: Friday, January 8, 2021 12:19 PM > >> To: [email protected] > >> Subject: Code to verify LOGON password > >> > >> **CAUTION EXTERNAL EMAIL** > >> > >> **DO NOT open attachments or click on links from unknown senders or > unexpected emails** > >> > >> Dear Folks, > >> > >> Does anyone have user-written code for RACF, so that if the user > types in a password, the code will verify if it is the user's actual LOGON > password? > >> > >> I'd like to see code that does this, for ACF2 and Top Secret as > well, but I'm primarily interested in RACF. > >> > >> Thank you very much. All the best of everything to all of you. > >> > >> Sincerely, Sam > >> > >> > >> ---------------------------------------------------------------------- > >> For IBM-MAIN subscribe / signoff / archive access instructions, send > email to [email protected] with the message: INFO IBM-MAIN > **CAUTION EXTERNAL EMAIL** > >> > >> **DO NOT open attachments or click on links from unknown senders or > unexpected emails** > >> > >> This e-mail transmission contains information that is confidential and > may be privileged. It is intended only for the addressee(s) named above. > If you receive this e-mail in error, please do not read, copy or > disseminate it in any manner. If you are not the intended recipient, any > disclosure, copying, distribution or use of the contents of this > information is prohibited. Please reply to the message immediately by > informing the sender that the message was misdirected. After replying, > please erase it from your computer system. Your assistance in correcting > this error is appreciated. > >> > >> > >> ---------------------------------------------------------------------- > >> For IBM-MAIN subscribe / signoff / archive access instructions, > >> send email to [email protected] with the message: INFO IBM-MAIN > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to [email protected] with the message: INFO IBM-MAIN > > > > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
