I played around with LOGONBY and FTP and found something a little strange.
Context: z/VM 5.4 with RACF installed, CP deferring to RACF for almost everything.
RACF profile SURROGAT LOGONBY.TESTUSER exists, with the ACL not including TESTUSER itself.
CP logon allows users in the ACL to log on to TESTUSER using LOGONBY as expected, and doesn't allow TESTUSER to logon directly, again as expected.
FTP logon allows users in the ACL to use "testuser.by.surrogate" to log on to TESTUSER as expected, but DOES allow TESTUSER to logon directly. This is a surprise.
Bug, or feature? Mark Bodenstein Cornell University At 03:08 PM 6/8/2009, Alan Altmark wrote:
An LBYONLY user must authenticate with their own user ID. E.g. enter maint.by.michael when ftp prompts for your user ID. Alan Altmark z/VM Development IBM Endicott
