I've been working with a product on z/OS, and I've got the point where it says "alter the started task userid to give it a password".....
I'd like to take the comments made, and make a blog post on the STC ID topic- giving credit to contributors. If any one has a problem with this, please contact me offline. Colin On Thu, 12 Jun 2025 at 11:39, Robert S. Hansel <[email protected]> wrote: > Roberto, > > As others have pointed out, Started Task IDs with passwords could be > become revoked due to bad password entry or inactivity. Note that even if > its ID is revoked or the password is expired, a Started Task will still > start. This is a safety feature to prevent accidental or intentional denial > of service. However, if a Started Task with a revoked ID submits a job, the > job will fail due to the ID being revoked. > > Also of concern is that Help Desk staff could reset the password of a > Started Task ID and then log on with the ID to use whatever authority it > has, which is often considerable. RACF authorities that enable Help Desk > staff to reset passwords block them from resetting passwords on PROTECTED > IDs. > > Making Started Task IDs PROTECTED is considered to be a 'best practice" > and is probably a STIG and CIS requirement. The same is generally true for > production batch IDs. > > Regards, Bob > > Robert S. Hansel > Lead RACF Specialist > RSH Consulting, Inc. > 617-969-8211 > www.linkedin.com/in/roberthansel > www.rshconsulting.com > > -----Original Message----- > Date: Wed, 11 Jun 2025 09:05:33 -0400 > From: Roberto Halais <[email protected]> > Subject: STC Userids > > I would like some feedback on what would happen if we assign passwords to > the stcs in our z/OS environment. > At this moment the stcs have no passwords assigned to them. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
