On Tuesday, 04/21/2009 at 02:00 EDT, RPN01 <[email protected]> wrote: > The problem is that not everyone wants to purchase an external security > manager simply to get this feature. We have no need for an ESM, as, if one > of our four users get out of line, we can just walk over to their cube and > whack them with a board. I'm not buying an ESM to un-secure a single entity > in an already closed box. That makes no sense at all.
I agree. The primary reasons to buy an ESM are 1) to have an audit trail of what your privileged users are doing, 2) to encrypt passwords, 3) to be able to use password phrases (if policy requires passwords > 8 characters) It continues to be my recommendation that all production z/VM systems (or others that have access to sensitive data) have an ESM. If your provisioning process is capable of reliably defining a new user to the system, then I would think it capable of defining that user with the necessary NICDEFs and MODIFY VSWITCH commands in its directory entry. Alan Altmark z/VM Development IBM Endicott ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
