Hello Alan, I agree with you totally. And we are the ones with the password repository call, yep you guess it, a file on MAINT's 2CC disk.
I have been passing all you wonderful comments on to our compliance and unit directors. They are looking for a Chuckie at IBM! Ed Martin Aultman Health Foundation 330-363-5050 ext 35050 -----Original Message----- From: The IBM z/VM Operating System [mailto:[email protected]] On Behalf Of Alan Altmark Sent: Monday, September 20, 2010 3:12 PM To: [email protected] Subject: Re: Automated Logon (autofill userid and password) using TN3270 of TCP/IP for VM or Logical Device On Monday, 09/20/2010 at 02:47 EDT, David Boyes <[email protected]> wrote: > No one has mentioned the super-handy SESSION yet. SESSION allows you to define > and manage LDEV sessions from a existing CMS logon (if on the same system). I > don?t think it would be terrifically hard to add the ability to read the > session authentication details from a file to SESSION. : > If you?re going to store PWs in a file, SFS is probably a slightly (note: > *slightly*) safer option. Gives you a bit more granular access control. I encourage folks NOT to create anything that makes it easier to store unencrypted passwords. I'd rather have an APPC/IUCV-based password server that will return a user's password if the requester hase been authorized to retrieve it. It could supply a RACF PassTicket or the value out of the directory. (The app doesn't care which it is.) (Almost) ANYTHING is better than creating password repository that must be audited and managed. (gag) Alan Altmark z/VM and Linux on System z Consultant IBM System Lab Services and Training ibm.com/systems/services/labservices office: 607.429.3323 [email protected] IBM Endicott
