When we got our first CMOS boxes in the mid-90s, we decided *not* to change OEM passwords. None of the 'support' accounts are accessible remotely, and the HMCs live behind physical security as high as anything the data center can provide.
The problem with changing the SERVICE password, for example, is that the CE who randomly gets dispatched at oh-dark-thirty to get your business up and running again may well be someone you've never heard of before. How will that person know the password? If it has to be supplied by on-site Operations, then you have an exposure right there. If it has to be supplied by sysprogs, then your business depends on being able to reach the right person who happens to know the current value. If you're concerned about the wrong person gaining physical access to the HMC, then you have a fundamental problem that a password will not address. . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-543-6132 Office ⇐=== NEW [email protected] -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Mark Pace Sent: Tuesday, July 31, 2018 9:22 AM To: [email protected] Subject: (External):Re: HMC Password maintenance for SERVICE account I've never changed it. The HMC is in locked room with security controls on who can access the room. Don't allow the Service user id to be accessed via a network. On Tue, Jul 31, 2018 at 12:08 PM Porowski, Kenneth <[email protected]> wrote: > How do others handle changing the default password for the HMC SERVICE > account. > > Do you just change it and let your CE know the new password? Mark D Pace Senior Systems Engineer Mainline Information Systems ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
