I once worked with a shop that had a similar exit--similar intent anyway--in order to guide a user into following password rules. There are inherent problems with such an exit. First is the difficulty of writing directly to a 3270 screen from a RACF exit. Regular mainframe maintenance has a way of hosing up the exit code, which has to be debugged and modified.
Another problem is more subtle. If an intruder were trying to break in to a mainframe system, such an exit might provide unwitting assistance. I think the strategy is to give as little information as possible about logon failures.

Finally, is such an exit even needed? Modern native RACF password rules are pretty sophisticated. Unless a shop has some very unusual password rules, it's probably best to let RACF detect violations and issue appropriate messages.

J.O.Skip Robinson
Southern California Edison Company
Electric Dragon Team Paddler
SHARE MVS Program Co-Manager
323-715-0595 Mobile
626-543-6132 Office ⇐=== NEW
[email protected]

-----Original Message-----
From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Charles Mills
Sent: Thursday, April 8, 2021 6:08 PM
To: [email protected]
Subject: (External):Re: ICHPWX01 password exit source circa 1993

> I'll probably just take it out

There is no harm in doing so, provided (a.) your RACF SETROPTS PASSWORD RULES fully express the limits you wish to enforce; and (b.) your auditors are content with that. No user is going to be discombobulated because a password that used to fail your exit no longer does.

Unless I am missing something (which someone will surely point out).

Charles

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Richard Pace
Sent: Thursday, April 8, 2021 1:37 PM
To: [email protected]
Subject: ICHPWX01 password exit source circa 1993

Our system (z/OS 2.4) is running with an old RACF password exit, ICHPWX01, assembly date 01/11/93. Eyecatcher looks like this:

ICHPWX01 E9202 01/11/93 16.25 RACF 1.9

We don't have the source code, and it's abending on our z/OS 2.4 system. I'll probably just take it out; it's long past its usefulness. But I was curious about its provenance and thought I'd check here if anyone recognizes it.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
