I've found I can map a certificate to any userid eg
RACDCERT MAP ID(START1) -
WITHLABEL('ZZ') -
SDNFILTER('CN=zzcolinpaice.O=cpwebuser.C=GB')
Which seems to allow me to do a certificate logon and become any userid.
This includes using protected userid.
Are there any controls I can use to restrict this? I'm working with Zowe
which allows me to use z/OS facilities from Linux/Windows.
Colin
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
