MFA is utter goodness and I would 100% encourage its use but you might note that some (many?) shops use it only for their more privileged TSO userids, not for all userids.
Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Jim Mooney Sent: Wednesday, September 4, 2019 1:01 PM To: [email protected] Subject: Re: MFA: An acronym that doesn't start with the word Mother Hi Ross, Thanks very much for the reply. We are currently evaluating IBM's MFA for zOS as well as other products. If I have questions I will contact you. I agree with you that it seems best to keep MFA on the mainframe. At this point, I am hoping to hear from other mainframe shops using a non-mainframe solution. We have identified some 'holes' in the proposed 'PAM' POC happening here, and I can't see how a non-mainframe MFA solution would work. We are very early in our research of an MFA solution. If it's possible to implement MFA for an IBM Mainframe but have it run on Windows, I would like to learn more about that. What product does it? Does it interface with RSA Secure? Is access to the mainframe locked for all platforms except Windows? Anybody? Sorry, if these are dumb questions. All input is welcome. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
