On: Sat, Jul 12, 2008 at 01:03:10AM -0500,Leland Lucius Wrote:
} Hi, it's the RACF newbie again.
}
} RACF has been running fine for us and went in without a hitch thanks to
} all of y'all.
}
} But, because we have nothing better to do, we've been sitting around
} trying to think of scenarios that we "may" come up against in the future
} and we want to be able to "recover" from them.
}
} Here's one of 'em:
}
} We have removed the password from MAINT and the 2 of us sysprog wannabes
} have setup RACF to allow us to LOGONBY to MAINT. Works beautifully.
} But, what would happen if some malicious individual decided to attempt
} sufficient invalid logons to cause us our IDs to be revoked. How would
} we ever get back to MAINT? Now, add in the security admins ID to the
} mix. Then what?
Here is an exec that should be used only in extenuating circumstances
and then VERY carefully. Note: It MAY need adjustments for 64 bit code
as I last used it in 32bit VM:
/* Disable RACF.
Use with CAUTION!
*/
false = (1=0)
true = (1=1)
Address COMMAND
Trace O
/*
See if RACFVM is logged on.
Procede ONLY if its not.
*/
'CP QUERY USER RACFVM'
if rc = 0
then do
say 'RACFVM is logged on.'
say 'Enter "YES" to continue, anything else to abort.'
parse upper external qq
if qq ^= 'YES'
then exit 8
end
'PIPE CP LOCATE HCPRWA',
'| Specs w3 1',
'| Specs /STORE H/ 1 w1 n /0/ nw',
'| CP'
if rc = 0
then say 'RACF disabled.'
else say 'Disable of RACF failed.
exit rc
--
Rich Greenberg N Ft Myers, FL, USA richgr atsign panix.com + 1 239 543 1353
Eastern time. N6LRT I speak for myself & my dogs only. VM'er since CP-67
Canines:Val, Red, Shasta & Casey (RIP), Red & Zero, Siberians Owner:Chinook-L
Retired at the beach Asst Owner:Sibernet-L
