Rob van der Heij wrote:
>Actually, the better solution is to have *no* password for TCPMAINT.
>You can with z/VM 5.3. Without a password, the TCPMAINT user can not
>be revoked by incorrect logon attempts. If it were revoked, the
>authorized people could not even logon to it with logonby. Also, you
>don't put individual users on the access list of the surrogate
>profile, but primarily groups of users. That way it is very easy to
>handle people joining or leaving the group or change their role. And
>if needed, you can use Q BYUSER in the PROFILE EXEC to see which
>person is using the shared userid.
Be careful about what "*no* password" means. Rob is talking about RACF.
The directory allows a password of NOPASS, which might seem to be the
obvious thing if you don't read the manual. NOPASS actually allows
anyone to log on without specifying a password. If using VM:Secure or
no ESM, specify a password of LBYONLY.
Dennis
We are Borg of America. You will be assimilated. Resistance is futile.
