One thing not mentioned by others (unless I missed it) - if you have
VM:Secure for your ESM, if you use logonby to log on to a userid, say
ALAN for purposes of discussion, and try to use VM:Secure to change any
of the security settings, you must give the logged on machine's password
in response to any prompts. You cannot change ALAN's passwords or rules
without knowing ALAN's password. I would hope that other ESMs, including
RACF, had similar requirements.
Regards,
Richard Schuh
________________________________
From: The IBM z/VM Operating System
[mailto:[EMAIL PROTECTED] On Behalf Of Ivica Brodaric
Sent: Monday, September 22, 2008 9:08 PM
To: [email protected]
Subject: Re: LOGONBY
So if I understand LOGONBY it simply allows a user to
logon to lets say TCPMAINT using the user's own PASSWORD. Does this mean
you still use TCPMAINT as the userid?
That's correct. LOGONBY will let a user logon to TCPMAINT using
his own userid and password of his own userid (the command will be
"LOGON TCPMAINT BY userid"). That will leave an audit trail of *who*
logged on to TCPMAINT and when. But the main advantage of LOGONBY is
that user does not need to know TCPMAINT's password. That also means
that you can change it without having to tell anyone about it.
If you set *yourself* with LOGONBY to all "system-type" userids,
you will not have to remember multiple passwords, just your own. Then,
you can even let your ESM generate random passwords for userids like
TCPMAINT, because you don't really have to know it either. NB, don't do
this (random passwords) until you are comfortable with LOGONBY. Just
don't tell anyone about the passwords.
Ivica Brodaric
