On Wednesday, 02/11/2009 at 11:40 EST, Kris Buelens <[email protected]> wrote: > I'm installing z/VM 5.4 with Dirmaint and RACF (and this time > "following the book" as opposed to my own methods). > > I did copy the CONFIGRC SAMPDVH as DATADVH and DIRMAINT sees it. So, > it should have all RACF enablements. > > MAINT is defined as a LOGONBY user and is logged on BY BUELENSC. > When I issue DIRM NEEDPASS NO in MAINT, DIRMAINT prompts me for > MAINT's password: > - I'd say it should prompt for BUELENSC's password > (I am not supposed to know MAINT's password when using LOGONBY) > - So I enter BUELENSC's password and RACF rejects it. Seems that the query > DIRMAINT passes to RACF indeed wants indeed an authentication as MAINT: > OPERATOR gets ICH301I MAXIMUM PASSWORD ATTEMPTS BY SPECIAL USER MAINT > > Is this supposed to work?
I would say "No." You have LOGON BY access, but that doesn't confer "modify the directory" permission. If MAINT is LBYONLY (in the RACF sense) then you need to make such changes from another user who is authorized to act FOR MAINT. Alan Altmark z/VM Development IBM Endicott
