It is entirely possible, near the end of a migration, to change a user’s password to something unknown to said user, and hopefully random and unique. Thereby effectively eliminating the use of the password while still technically having one in the RACF database. I could see some value in this if you want to keep the 8-character option open, but it is not a good idea to me. Using ALTUSER NOPASSWORD would eliminate the pw entirely.
Sent from [Proton Mail](https://proton.me/mail/home) for iOS On Sun, Oct 27, 2024 at 11:01 PM, Dave Gibney <[[email protected]](mailto:On Sun, Oct 27, 2024 at 11:01 PM, Dave Gibney <<a href=)> wrote: > I was my understanding that RACF ids with passphrases all still had > passwords, perhaps unknown to anyone and that it wasn't possible to not have > passwords. > > I could of course be wrong > >> -----Original Message----- >> From: IBM Mainframe Discussion List <[email protected]> On >> Behalf Of Alan Altmark >> Sent: Sunday, October 27, 2024 7:45 PM >> To: [email protected] >> Subject: Re: Passphases >> >> On Sat, 26 Oct 2024 23:27:38 +0200, Radoslaw Skorupka >> <[email protected]> wrote: >> >BTW: a user can have *both* passphrase and password. The second one can >> >be understood as emergency one. >> >> I beg to disagree. Having the password undoes any enhanced security you get >> from having a phrase. >> >> The only reason a user should have a password is if they are using a portal >> that >> does not have support for phrases, or you migrating to phrases. But at some >> point, you need to upgrade the portal and/or remove the PASSWORD. >> >> Alan Altmark >> IBM z/VM Development >> >> ---------------------------------------------------------------------- >> For IBM-MAIN subscribe / signoff / archive access instructions, send email to >> [email protected] with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
