My logon PROC is set up to bypass any solicitor and put me directly at:
IKJ56700A ENTER USERID -
userif
Oops! Typo. I recognize it by sight or by proprioception an instant
after I press ENTER. But "USERIF" is another valid user ID in my
department. I'm at the TSO GUI LOGON panel. I don't want to
enter a password and risk revoking my coworker's account. I'd
like to overtype the last character in USERIF:
------------------------------- TSO/E LOGON -----------------------------------
Enter LOGON parameters below: RACF LOGON parameters:
Userid ===> USERIF
Damn! The field is not modifiable! (Why?) If I press END, I'm disconnected
(why?) and must reconnect. Is there any way to get directly back to IKJ56700A?
Or even better, to change the Userid and continue with the logon?
In another recent thread I mentioned the possibility of user ID enumeration
as a weakness. SSH, at least, does it right:
502 $ ssh 0123456789@$MVS_HOST
0123456789@$MVS_HOST's password: A
Permission denied, please try again.
0123456789@$MVS_HOST's password: B
Permission denied, please try again.
0123456789@$MVS_HOST's password: C
Permission denied (publickey,password).
503 $
SSHD doesn't tell me that "0123456789" is unknown to RACF, or even
that it's syntactically invalid. I can't use SSH to probe for known user IDs.
Many years ago, a coworker suggested that even that is TMI. The host
should provide no information about the connection until a valid ID and
password have been entered.
-- gil
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
