You do not need a password to login if you are in supervisor mode, so trying to reverse engineering a password is a if that is the purpose)
On Tuesday, December 13, 2022, Lennie Dymoke-Bradshaw < [email protected]> wrote: > I wrote code using doing over 30 years ago to automatically change > passwords. This was before the days of pass tickets and I needed one piece > of software to sign on as an IMS user to IMS. It needed a password. So I > coded an exit routine which would build a new password using some > randomisation algorithm and then encrypt it using the call you mention. I > then extracted the existing password in encrypted form and used a RACROUTE > REQUEST=VERIFY with those old and new passwords and specifying ENCRYPT=NO. > > This performed the logon and switched the password every time. No one ever > saw the password. I had retry logic for siuations wher the new password was > rejected for any reason. > I think this method breaks under KDFAES passwords. Nowadays a pass ticket > would be a preferable method. > Restoring a DES encrypted password requires REQUEST=EXTRACT,TYPE=REPLACE I > think, but I have never tried doing that. > > Lennie Dymoke-Bradshaw > https://rsclweb.com > 'Dance like no one is watching. Encrypt like everyone is.' > > -----Original Message----- > From: IBM Mainframe Discussion List <[email protected]> On Behalf > Of > Binyamin Dissen > Sent: 13 December 2022 17:13 > To: [email protected] > Subject: RACROUTE REQUEST=EXTRACT,TYPE=ENCRYPT,ENCRYPT=(,DES) > > The doc indicates that this request will return data that can be used for > authentication. > > Not clear to me how used (PASSWORD in REQUEST=VERIFY) . > > Also, do not understand how a DES encrypted password can be restored. > > Am I missing something obvious? > > I would think that TOKEN would be the way to go. > > -- > Binyamin Dissen <[email protected]> http://www.dissensoftware.com > > Director, Dissen Software, Bar & Grill - Israel > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send email > to [email protected] with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > -- ITschak Mugzach *|** IronSphere Platform* *|* *Information Security Continuous Monitoring for z/OS, x/Linux & IBM I **| z/VM coming soon * ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
