On Wednesday, 06/10/2009 at 10:54 EDT, Mark Bodenstein <[email protected]> wrote:
> RACF profile SURROGAT LOGONBY.TESTUSER exists, with the ACL not including > TESTUSER itself. > ... > FTP logon allows users in the ACL to use "testuser.by.surrogate" to log on > to TESTUSER as expected, but DOES allow TESTUSER to logon directly. This > is a surprise. > > Bug, or feature? Bug. Feel free to open a PMR. If you want to stop authentication using TESTUSER, remove its password (ALTUSER TESTUSER NOPASSWORD). Then it can't be used as an authenticator in ANY interface (including RACROUTE REQUEST=VERIFY), it can never be revoked due to invalid password attempts, and isn't subject to password expiry rules. This effectively turns it into AUTOONLY without having to mess with the directory. Alan Altmark z/VM Development IBM Endicott
