On Tue, Apr 21, 2009 at 7:58 PM, RPN01 <[email protected]> wrote:

> The problem is that not everyone wants to purchase an external security
> manager simply to get this feature. We have no need for an ESM, as, if one
> of our four users gets out of line, we can just walk over to their cube and
> whack them with a board. I'm not buying an ESM to un-secure a single entity
> in an already closed box. That makes no sense at all.

Your scope should probably include the users of your applications that run on Linux, not just the few people who have legal permission to logon to a VM userid.

I can understand your hesitation in getting RACF/VM involved if you think you don't need that level of control. Apart from the license charges, there's also a pretty heavy learning curve. You need to invest some energy into it before it starts to pay back. And since it is my week of understatement, it's probably fair to say RACF/VM does not feel like a nice soft new sweater to a z/VM person ;-)

We used to be in a similar situation with 2nd level test systems where I really did not want to take the time to install and configure RACF/VM, but the code we needed to test was supposed to run on a system with ESM installed. Adding link passwords etc. would be a pain and made the test less realistic. So I wrote myself a Tiny Security Manager that took a simple static table of permissions that I needed to grant during the test. And to keep it simple, this ran in the RACFVM userid instead of the real full ESM. Obviously it involved a pipeline connecting to *RPI and a lookup to resolve the access requests.

I'm wondering if something like this would be a reasonable option for people with fewer requirements than RACF/VM. It could even read the directory source to get all passwords in, but maybe the separation of the two is even a good thing. It could free VM development from some of the dual-path solutions.

If it were Friday I'd suggest RACF CE :-)

Rob
