a5a-dbsu_xn3dQ$<https://urldefense.com/v3/__https:/www.ibm.com/docs/en/zos/2.5.0?topic=process-activating-password-phrase-support__;!!MwwqYLOC6b6whF7V!kylPYKnwdjWq2zinwEHX6KCGkN7b-FOLONDAQXt48DW1bdf5DxDIMxHFDZ0Gxj-G1aZW8BUTita5a-dbsu_xn3dQ$>>
on how to change it.
On Wed, 14 Jun 2023 at 15:
Probably the easiest would be to remove a user’s password and set a phrase for
them.
ALU userid NOPASSWORD PHRASE(‘This user must use a phrase now’) EXPIRED
Tom Chicklon
From: IBM Mainframe Discussion List On Behalf Of
rpinion865
Sent: Wednesday, June 14, 2023 9:25 AM
To:
I'm not aware of a way for a general user to be able to reset the PW of
privileged users. Maybe someone else does.
But to reset other non-privileged users, take a look at
FACILITY(IRR.PASSWORD.RESET)
A voice of reason Allan, thanks for saying what many of us are thinking.
I really miss the days when this was a moderated forum and the NOPOST setting
would occasionally be used to keep things on track.
More noise than IBM mainframe discussion lately.
Tom Chicklon
-Original Message-
As long as you are relatively current with your TSS maintenance, there are TSS
versions in CAKOJCL0 of the IBM samples for zOSMF setup that have had the RACF
commands converted to TSS commands.
Both what IBM and Broadcom provide are just samples, it still takes a bit of
massaging for your
The first question you need to answer for yourself is do you need a router, or
will the ISP supplied router work for what you want to do.
There have been a few other suggestions for a set up that includes a router.
I have ATT, and use their modem/router/phone/AP device. I just turn off the
No one must have told the marketing folks that the fraction 5/3 is five thirds
and not Fifth Third.
Tom Chicklon
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of
Seymour J Metz
Sent: Wednesday, January 8, 2020 1:08 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Job
5/3 is in fact a play on the name of the bank: Fifth Third Bank. As another
poster pointed out the origins of the name date back many years when the Fifth
National Bank and Third National Bank merged. It is also used on logos, and is
the general URL for the bank: www.53.com
Tom Chicklon
Fifth
> Probably 8-10 hours if I remember right when we made that jump a year or so
> ago. We normally allot 5-6 hours of time for IBM
> to complete before our maintenance window, and in this particular case, we
> almost blew through our window of work because the
> updates ran so long. WE now
You'll need 2 things...
First, if TSSUTIL only listed violations, you may not be logging INIT events,
in which case no log on audit data is being produced and thus no tool will be
able to report what you are looking for. Check out the LOG control options and
make sure you have INIT set:
*
CAUNZIP is a TSO command, and is delivered as a part of CA Common Services. For
us, it lives in CAW0LINK which is in our LNKLST concatenation.
Tom Chicklon
>>I'm trying to find where I can find CAUNZIP that's described in Carmen's link.
This e-mail transmission contains information that is
CA does provide a process to take the scart0.zip file and get it into a format
that RECEIVE FROMNTS can use.
I was fortunate in that I could FTP both the hold data and scart0.zip directly
to my mainframe. For those who cannot directly FTP from CA, this works rather
well, you just need to add
I have downloaded the latest 2811 page document. In the product enhancements
section, on page 98:
Data Set Encryption Support (RO97892)
New z/OS DFSMS capabilities for data encryption require key labels when
allocating encrypted data
sets. These labels identify a protected data key in the
These may be of interest:
CA opened a problem:
https://support.ca.com/us/download-center/problem-detail.html?docid=650097=TSSMVS=9937
And has an enhancement PTF:
https://support.ca.com/us/download-center/solution-detail.html?docid=650087=OS=RO97892
I've downloaded the PTF, but not much in its
For Top Secret shops, the TSS commands are:
Add to CERTAUTH:
tss add(certauth) digicert(DigiGRCA) +
dcdsn(cert.certauth.digigrca)+
lablcert('DigiCert Global Root CA') +
trust target(=)
And for each SMPE user:
What are you using for MFA?
CA's relatively new Advanced Authentication Mainframe product will let you map
a Top Secret user ID to a different ID for RSA authorization. I used this set
up for initial testing of the product- log on to the mainframe using a test ID
that is mapped to my real ID's
We run a number of PKI domains, each with their own web server. Had heard a tip
back when we converted to Apache that if you use 8 character job names for the
web server STC, a simple stop command against that name works just fine. So,
all my web servers all have 8 character names and we never
This makes me chuckle on a Friday afternoon... an admonishment to others to
silently correct an observed misspelling, while carrying forward the
misspelling in the subject of a not so silent post. :)
Tom Chicklon
I wonder why someone has not has not changed this thread's
How about Resource Action. Laid off. Fired. Downsized. Rightsized. All mean
pretty much the same thing.
Tom Chicklon
---
RA? I suspect resource allocation or thereabouts, but??
Deep cost cutting and USA staff that has been
RA'ed to the max, leaving sketchy support
For your own sanity, set this up in a batch job, instead of executing the
commands online in TSO. I own security on my TECH sandbox systems, meaning I
get to replace each SMPE user's certificate once a year. Same process every
year, they get a new cert and sent to me, I upload, replacing the
Top Secret seems perfectly happy with 256. Just imported one this morning with
the following attributes:
Organization . . . : PS
Record format . . . : VB
Record length . . . : 256
Block size . . . . : 27998
-Original Message-
From: IBM Mainframe Discussion List
Hoping someone can help you Rob, as my attempts to use KEYXFER to transfer
between systems with different master keys have not been successful. Works just
fine between systems with the same master keys, of course...
Tom Chicklon
---
I am looking for a method/utility to
Allan Staller has put you on the right track - gather information from experts
on what *is* considered best practices. This will be needed for the management
response to this finding.
If you can, ask the auditor where this recommendation came from. Who is it that
claims this is a best
23 matches
Mail list logo