On Saturday, 07/12/2008 at 02:03 EDT, Leland Lucius <[EMAIL PROTECTED]> wrote: > We have removed the password from MAINT and the 2 of us sysprog wannabes > have setup RACF to allow us to LOGONBY to MAINT. Works beautifully. > But, what would happen if some malicious individual decided to attempt > sufficient invalid logons to cause us our IDs to be revoked. How would > we ever get back to MAINT? Now, add in the security admins ID to the > mix. Then what?
If MAINT is SPECIAL, then you can XAUTOLOG MAINT and CP SEND MAINT RAC RESUME your id. You can pick any SPECIAL (well, probably USER-special, not super-user SPECIAL) id to do this. Since it doesn't have a password, it can't be revoked in the way you describe. > Also, any war stories about getting into a situation where no one could > log on due to RACF being unavailable? Should we be concerned about a > case like this? What recovery is possible? Read the RACF Program Directory. By default, RACFVM and RACMAINT can logon if RACF is down. You must know their CP directory passwords. (When RACF is up, those passwords have no effect.) Alan Altmark z/VM Development IBM Endicott
