Cross Posting to IBMMAIN and RACF

After reading Walt Farrell's response:

The passwords are, in fact, not stored at all. (There is one exception, the "password enveloping" function, but that's a different discussion than this one.) RACF encrypts the user ID using the password as the key, and stores the encrypted user ID. The password itself is not saved, in any form.

It seems that your statement that he got the UID and Password of some users may not be complete. Was your user able to prove to you that he could log on with those Passwords and userids? If so, then yes, you have a problem.

Second, if your RACF Database is in UACC(NONE) then how did he get access? RACF should have prevented any READ attempt. So either the user had a special authority or that person used a different id that had the authority to do this.

I would review the RACF SMF data to see specifically what this ID did and what was used to access the SYS1.RACF.PRIM database.

Could you post the RACF profile for this file? It would help us to see if there is anything that might be missing. Also, could you post the USER's ID with the LU userid command so we can see if there is anything that allowed the access?

Did he access the file from a different LPAR that did not have UACC(NONE) on SYS1.RACF.PRIM? Did he access a backup of the database and transfer that to the PC? What was used on the PC that produced the RACF ID and Password?

Lizette

-----Original Message-----
From: RACF Discussion List [mailto:[email protected]] On Behalf Of majuma
Sent: Saturday, August 17, 2013 9:48 AM
To: [email protected]
Subject: Fwd: RACF Database protection

Hi list,

Someone in our section was able to download the RACF database file SYS1.RACF.PRIM via ftp to a PC; the file's UACC is none. Then he used some tool to get the uid and password of some users. I want to understand what happened, and how to protect against such an issue.
