The exit should not be the default or even readily available without some positive action by the install person.
That said, we might have to use that exit to implement an AES encryption of the passwords, if we do start the migration to RACF. /Tom Kern On Fri, 25 May 2007 13:20:11 -0400, Jim Bohnsack <[EMAIL PROTECTED]> wro te: >I'm installing z/VM 5.2 on a 2nd level test system while waiting for 5.3 >to become available. I stumbled (stubbed my toe) over a default in the >RACF install and am curious to get some other's views on whether or not >this should be the default. In talking with a RACF developer, he said >that the item has been discussed within his group as well. > >The problem I came across is that the ICHDEX01 exit is shipped in the >RACFLPA LOADLIB. ICHDEX01 is the code that would permit a password to >be masked or hidden in the RACF database rather than using DES >encrytpion. ICHDEX01 goes back to pre-DES days. It seems to me that it >should be made an option rather than having someone (me) read and >decipher the note in the program directory and then ignore it. Leaving >the exit in place rather than using RACF's DES encryption means that if >you use your existing DES encrypted database, no existing passwords work . > >I'd be interested in a show of hands to find out if others prefer to and >do roll your own for database password encryption vs. using RACF's DES >code. I told the RACF developer that I'd let him know what I found. > >Jim > >-- >Jim Bohnsack >Cornell University >(607) 255-1760 >[EMAIL PROTECTED]
