All

The IBM RACF development team have just made the RACSEQ sample program for 
RAdmin/IRRSEQ00 available on GitHub.

Here is the link:

https://github.com/IBM/IBM-Z-zOS/tree/main/zOS-RACF/Downloads

Many thanks to Bruce Wells for making this happen.

Rob Scott
Rocket Software

-----Original Message-----
From: IBM Mainframe Discussion List <[email protected]> On Behalf Of 
Pierre Fichaud
Sent: 11 October 2022 17:52
To: [email protected]
Subject: Re: ICHEINTY, R_admin and RACROUTE EXTRACT

On Mon, 10 Oct 2022 at 14:06, Pierre Fichaud <[email protected]> wrote:

> To All,
>     I want to replace userid passwords in the RACF database.
>     I have encrypted password in a flat file.
>

Where did you get such an encrypted password?
--> The password was encrypted using a CSNB*** call.


>     I labored to get ICHEINTY working but finally did.
>
>     R_admin was much easier than ICHEINTY.
>

Not surprisingly. ICHEINTY is a pretty low-level interface. R_Admin is similar 
to issuing an ALU command.


>     For both ICHEINTY and R_admin, I get return and reason codes set to 0.
>
>     But the password does not get changed.
>

Does not get changed (i.e. you can still log on with the old password), or isn't 
what you expect after your code runs?

--> Does not get changed.


>     My SYSPROG temporarily made my userid RACF special and still
> neither worked.
>     I don't know why.
>     My load library is APF-authorized.
>     I was in supervisor state for R_admin.
>

You wouldn't get RC=0 if you weren't suitably authorized. I don't believe 
SPECIAL makes a difference for this kind of thing.


>     I turned to RACROUTE REQUEST=VERIFY,TYPE=REPLACE.
>

Do you mean REQUEST=EXTRACT,TYPE=REPLACE or REQUEST=VERIFY with NEWPASS=?

--> EXTRACT with REPLACE

The former is about the closest thing to ICHEINTY for this purpose, but 
generally easier to use.

The latter is essentially a user logon-with-password-change, so you have to 
supply the current password.

>     After fixing one thing, it ran cleanly and it worked.
>     I was able to log in to TSO with the new password.
>

Again, this is fine if you have an encrypted password to bang in there. But the 
use cases for this are on the rare side.

You may want to think about what you expect to happen to the user's password 
history when you do this.


>     Is there something I missed with ICHEINTY and R_admin ?
>

Presumably. I do know that I have used ICHEINTY to replace passwords and 
phrases, and it works fine for me.


>     Thanks to those who responded before, especially Peter Relson.
>
> Regards, Pierre
>

 Tony H.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
[email protected] with the message: INFO IBM-MAIN
