On Mon, 18 Mar 2013 15:12:33 -0700, Skip Robinson wrote:
>
>As for SSO, those folks who logon to mainframe and some other platform
>can easily choose an 8 character password with mixed case for Windows,
>Unix, etc., and use the same password on mainframe with no ill effects
>because mainframe logon will translate the entered password into upper
>case transparently.
>
I wouldn't be smug about that. If auditors discover it's happening (it's easy to test for), they might deem it a failure.

Of course, the implementations were wrong from the very beginning. Applications (e.g. logon) should _always_ have passed on passwords as entered; it should be solely RACF's prerogative to treat them as case-sensitive or insensitive, and to enforce other site rules on password construction.

-- gil
