I stand corrected. The password is, in fact, the default group. There are way too many gotchas popping up... What happens if the password is expired? Will the password phrase still work? I guess I should test this too.
On Wed, Mar 20, 2013 at 10:18 AM, Elardus Engelbrecht < [email protected]> wrote: > Keith Smith wrote: > > >It has been stated that every RACF ID must have a password. > > Statement is correct. From RACF Command Language Ref: AU command: > > Every user that you assign a password phrase must have a password. When > you specify PHRASE for a user without specifying PASSWORD, the user is > assigned the default password. In your case, it is SYS1. > > >I was able to logon to TSO using the password phrase. So, it does not > seem to be true that a password is required unless RACF created some random > password, but the bottom line is there is no password that I can use to > logon except the password phrase. > > True, you can use either password or password phrase to logon. But you can > still logon with password only, just use the group as your password. To > avoid this exposure always enter a password value and never tell your users > what the password is. > > > DEFAULT-GROUP=SYS1 PASSDATE=00.000 PASS-INTERVAL= 90 > > PHRASEDATE=13.079 > > ATTRIBUTES=PASSPHRASE > > Now I know your passsssssssssssssssssssssword! It is SYS1 ;-D > > Groete / Greetings > Elardus Engelbrecht > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > -- Keith Smith Engineer-Enterprise Sys Sr.-IT Capacity & Performance Shaw Industries Inc. Subsidiary of Berkshire Hathaway 616 E Walnut Ave Mail Drop 072-04 Dalton, GA 30721 Email: [email protected] Office: 706.275.3244 Please consider the environment before printing. -- ********************************************************** Privileged and/or confidential information may be contained in this message. If you are not the addressee indicated in this message (or are not responsible for delivery of this message to that person) , you may not copy or deliver this message to anyone. In such case, you should destroy this message and notify the sender by reply e-mail. If you or your employer do not consent to Internet e-mail for messages of this kind, please advise the sender. Shaw Industries does not provide or endorse any opinions, conclusions or other information in this message that do not relate to the official business of the company or its subsidiaries. ********************************************************** ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
