I have not personally used it, only read about it, but the RACF PWFALLBACK option in a user's MFA segment is feature that might be quite helpful during implementation/testing.
-----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Hervey Martinez Sent: Tuesday, July 16, 2019 11:35 AM To: [email protected] Subject: Re: Tn3270 + MFA I work for a Bank and MFA was implemented several months ago. It was very smooth for the most part. One of the issues we ran into was our DR exercise, the MFA software did not work on the DR recovered system since we usually do some SMS work in the first IPL; we had to keep our "old" password active. Also, we use something called 'out of band'(it is a 'single use'; code) which we use when we FTP from plex to another; there is some other code that is used for the CICS community but not sure what that is called. -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Pew, Curtis G Sent: Tuesday, July 16, 2019 10:24 AM To: [email protected] Subject: Tn3270 + MFA Our security folks want us to implement some form of two-factor authentication for tn3270 access. (Currently, we just require users to be on campus or use our VPN; the VPN uses DUO to provide two-factor authentication. But now they want two-factor for on campus too.) Has anyone implemented anything like this? Any pointers or suggestions? Thanks. -- Pew, Curtis G [email protected] ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
