Re: Mainframe user ID length

To summarize: There are many ways to skin a cat. You can use LDAP. You can have looong user id's within LDAP. You can type anything in JCL (especially in comments or DD *). You also should distinguish between z/OS and RACF (TSS, ACF2), and JCL and JES2. However for security you have to keep

Re: Mainframe user ID length

On Wed, 6 May 2020 22:14:40 -0500, Tim Hare wrote: >... they boil down to authenticating using some non-RACF method, ... > Ouch! Sounds as if RACF needs an RFE, if true. But what does ssh do, for example? -- gil -- For IBM-

Re: Mainframe user ID length

As many have stated you are limited to 8 upper case characters, 7 if you still use UADS; however if the MQ user is off-platform, perhaps one of the various tools for mapping other IDs to a RACF ID could be used? These are all part of RACF (not sure about ACF2 or Top Secret) but as I see it the

Re: Mainframe user ID length

To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Mainframe user ID length Tom Marchant wrote: >What is your point? The contents of in-stream data is not part of >JCL, any more than the contents of some other data set referenced >in a DD statement is. Paul Gilmartin wrote: >There's a qua

Re: Mainframe user ID length

Tom Marchant wrote: >What is your point? The contents of in-stream data is not part of >JCL, any more than the contents of some other data set referenced >in a DD statement is. Paul Gilmartin wrote: >There's a qualitative difference. The Reader or Converter must >inspect every record of an in-str

Re: Mainframe user ID length

On Tue, 5 May 2020 15:07:59 -0500, Tom Marchant wrote: >On Tue, 5 May 2020 15:03:06 +0800, Timothy Sipples wrote: > >>Shmuel Metz wrote: >>>Regardless of why it is coded that way, the code is in >>>the C/I and the error message comes from the C/I. >> >>Yes, and in-stream data is an intrinsic featu

Re: Mainframe user ID length

On Tue, 5 May 2020 15:03:06 +0800, Timothy Sipples wrote: >Shmuel Metz wrote: >>Regardless of why it is coded that way, the code is in >>the C/I and the error message comes from the C/I. > >Yes, and in-stream data is an intrinsic feature of the Job Control >Language (JCL). It says so right here,

Re: Mainframe user ID length

Shmuel Metz wrote: >Regardless of why it is coded that way, the code is in >the C/I and the error message comes from the C/I. Yes, and in-stream data is an intrinsic feature of the Job Control Language (JCL). It says so right here, among other places: https://www.ibm.com/support/knowledgecenter/

Re: Mainframe user ID length

2:46 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Mainframe user ID length The maximum length on Linux is 32; whether MQ will work with a name longer than 12 is a separate issue. There are also Linux commands that will display the UID instead of a username longer than 8. LDAP can map long names to short.

Re: Mainframe user ID length (not ... Digest ...)

On Mon, 4 May 2020 15:31:52 -0500, Tom Marchant wrote: >On Mon, 4 May 2020 19:14:31 +, Frank Swarbrick wrote: > >>What I would love to see is some sort of "single signon" option, where a user >>would only need >>to sign on to their personal workstation and not need to explicitly sign on >>t

Re: Mainframe user ID length

Metz http://mason.gmu.edu/~smetz3 From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of Frank Swarbrick [frank.swarbr...@outlook.com] Sent: Monday, May 4, 2020 2:48 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Mainframe user ID length

Re: Mainframe user ID length

__ From: IBM Mainframe Discussion List on behalf of Walt Farrell Sent: Sunday, May 3, 2020 7:22 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Mainframe user ID length On Thu, 30 Apr 2020 19:46:04 +, Frank Swarbrick wrote: >Is z/OS still limited in all cases to 8 upper case char

Re: Mainframe user ID length

e everyone is.' -Original Message- From: IBM Mainframe Discussion List On Behalf Of Seymour J Metz Sent: 04 May 2020 17:05 To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: [IBM-MAIN] Mainframe user ID length Your claim was "You can specify pretty much anything you want in JCL.&qu

Re: Mainframe user ID length

_ From: IBM Mainframe Discussion List on behalf of Timothy Sipples Sent: Saturday, May 2, 2020 12:34 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Mainframe user ID length Frank Swarbrick wrote: >"more than 8"? What's the limit, if any? The z/OS LDAP Server's CN li

Re: Mainframe user ID length

ssion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of Timothy Sipples [sipp...@sg.ibm.com] Sent: Monday, May 4, 2020 1:22 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Mainframe user ID length Shmuel Metz wrote: >According to MVS JCL Reference, SA23-1385-40, both >USER=abcdefghi and EMAIL=foo+..

Re: Mainframe user ID length

Shmuel Metz wrote: >According to MVS JCL Reference, SA23-1385-40, both >USER=abcdefghi and EMAIL=foo+...@patriot.net are >illegal. That's not a JES issue. It is JES's issue. JCL is simply respecting JES limits there using that particular syntax. If you want to pass a longer user ID to something e

Re: Mainframe user ID length

This, by the way, has been a fascinating discussion, for me at least. My thanks to Mr Sipples for contradicting what I thought I knew without question. --- Bob Bridges, robhbrid...@gmail.com, cell 336 382-7313 /* Being a programmer is one thing above all else: It is understanding how things work

Re: Mainframe user ID length

So maybe - maybe, I don't know either - if I sign on to z/OS with a certificate, or LDAP, or anything other than the usual, the sign-on routine MAKES UP an 8-byte ID and stores it in the ACEE. If so, after that everything works fine, I guess. --- Bob Bridges, robhbrid...@gmail.com, cell 336 382-7

Re: Mainframe user ID length

On Thu, 30 Apr 2020 19:46:04 +, Frank Swarbrick wrote: >Is z/OS still limited in all cases to 8 upper case characters? I am curious >if a user that only has access to MQ might be able to have a longer and >ideally mixed case user ID. They wouldn't have access to TSO or CICS or IMS. It is

Re: Mainframe user ID length

___ From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of Timothy Sipples [sipp...@sg.ibm.com] Sent: Saturday, May 2, 2020 2:34 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Mainframe user ID length Frank Swarbrick wrote: >"more than 8"? What's the lim

Re: Mainframe user ID length

f Of Bob Bridges Sent: Saturday, May 2, 2020 11:10 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Mainframe user ID length But...but... (Still expostulating, here, you see.) When I want to open a dataset for editing in TSO, the OS sends a question to the security system, asking "is allowed t

Re: Mainframe user ID length

On Sat, 2 May 2020 14:34:26 +0800, Timothy Sipples wrote: >Frank Swarbrick wrote: >>"more than 8"? What's the limit, if any? > >The z/OS LDAP Server's CN limit is 256 characters, so it's at least that >large. > >>Which system components/products permit/prohibit this? >>(Start your list with JCL.

Re: Mainframe user ID length

But...but... (Still expostulating, here, you see.) When I want to open a dataset for editing in TSO, the OS sends a question to the security system, asking "is allowed to ?". To identify it specifies my ID. The question is routed to RACF, ACF2 or Top Secret, and the part of the OS that is per

Re: Mainframe user ID length

Frank Swarbrick wrote: >"more than 8"? What's the limit, if any? The z/OS LDAP Server's CN limit is 256 characters, so it's at least that large. >Which system components/products permit/prohibit this? >(Start your list with JCL.) You can specify pretty much anything you want in JCL. Do you mea

Re: Mainframe user ID length

On Fri, 1 May 2020 12:37:58 -0400, Bob Bridges wrote: >... >Or put it this way: If you say I can be authenticated via LPAR using a >longer ID, and then perform tasks on the mainframe using that ID, how does >RACF-or-whatever determine permissions? The OS asks whether has >access to datasets

Re: Mainframe user ID length

You sound like you know what you're talking about, so please interpret the following expostulations more as questions than as outright contradictions: TS> First of all, user authentication isn't necessarily required. Me> Sure, as for example in CICS. In that case CICS supplied a default userID,

Re: Mainframe user ID length

On Fri, 1 May 2020 13:41:54 +0800, Timothy Sipples wrote: >Frank Swarbrick wrote: >>Is z/OS still limited in all cases to 8 upper case characters? > >No. The IBM Directory Server for z/OS supports more than 8 upper case >character user IDs. That's a standard, included, IBM supported feature in >

Re: Mainframe user ID length

Frank Swarbrick wrote: >Is z/OS still limited in all cases to 8 upper case characters? No. The IBM Directory Server for z/OS supports more than 8 upper case character user IDs. That's a standard, included, IBM supported feature in the base z/OS operating system. Bob Bridges wrote: >MQ, TSO, CIC

Re: Mainframe user ID length

The past, yes, obviously. Also obviously: Not so very dead. --- Bob Bridges, robhbrid...@gmail.com, cell 336 382-7313 /* If everyone is thinking alike, then someone isn't thinking. -Geoge S Patton */ -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.ED

Re: Mainframe user ID length

: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Mainframe user ID length On Thu, 30 Apr 2020 19:46:04 +, Frank Swarbrick wrote: >Is z/OS still limited in all cases to 8 upper case characters? I am curious >if a user that only has access to MQ might be able to have a longer and >ideally

Re: Mainframe user ID length

@LISTSERV.UA.EDU] on behalf of Wayne Bickerdike [wayn...@gmail.com] Sent: Thursday, April 30, 2020 9:44 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Mainframe user ID length We use max 7 char user IDS. Often I can't be bothered putting a job card on a quick job, TSO SUBMIT uses your user ID and asks

Re: Mainframe user ID length

On Thu, 30 Apr 2020 19:46:04 +, Frank Swarbrick wrote: >Is z/OS still limited in all cases to 8 upper case characters? I am curious >if a user that only has access to MQ might be able to have a longer and >ideally mixed case user ID. They wouldn't have access to TSO or CICS or IMS. > Exten

Re: Mainframe user ID length

We use max 7 char user IDS. Often I can't be bothered putting a job card on a quick job, TSO SUBMIT uses your user ID and asks for a character to add to the job. Since a jobname is limited to 8 chars, makes life simple. On Fri, May 1, 2020 at 8:21 AM Bob Bridges wrote: > MQ, TSO, CICS, IMS - wha

Re: Mainframe user ID length

MQ, TSO, CICS, IMS - whatever the environment, the ID has to be authenticated by RACF (or ACF2, or TSS). As far as I know they're all limited to the usual 39 characters, and a max length of eight. --- Bob Bridges, robhbrid...@gmail.com, cell 336 382-7313 /* If everyone is thinking alike, then so

Re: Mainframe user ID length

//mason.gmu.edu/~smetz3 From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of Mike Schwab [mike.a.sch...@gmail.com] Sent: Thursday, April 30, 2020 4:43 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Mainframe user ID length USERID length can

Re: Mainframe user ID length

vid Spiegel >Sent: Apr 30, 2020 5:02 PM >To: IBM-MAIN@LISTSERV.UA.EDU >Subject: Re: [IBM-MAIN] Mainframe user ID length > >TSO used to have a limit of 7. > >On 2020-04-30 16:43, Mike Schwab wrote: >> USERID length can be 8. >> >> TSO USED to have a limit of 8,

Re: Mainframe user ID length

user ID, not the password/pass phrase. But thanks. From: IBM Mainframe Discussion List on behalf of Jesse 1 Robinson Sent: Thursday, April 30, 2020 2:03 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Mainframe user ID length RACF can now handle 'password phrase

Re: Mainframe user ID length

My bad. Yeah 8 char userid’s are still the standard but I’d never allocate one more than 7. Sent from Yahoo Mail for iPhone On Thursday, April 30, 2020, 4:02 PM, Mark Jacobs <0224d287a4b1-dmarc-requ...@listserv.ua.edu> wrote: I looked at SYS1.MACLIB(IHAACEE) ACEEUSER DS    0CL9         

Re: Mainframe user ID length

Pass phrases are permitted. For years now. Sent from Yahoo Mail for iPhone On Thursday, April 30, 2020, 3:54 PM, Mark Jacobs <0224d287a4b1-dmarc-requ...@listserv.ua.edu> wrote: Looks like it. I tried to add a userid with 9 characters, it wouldn't accept it. i didn't try lower case in a b

Re: Mainframe user ID length

D, not the password/pass phrase. But thanks. > > > From: IBM Mainframe Discussion List on behalf of > Jesse 1 Robinson > Sent: Thursday, April 30, 2020 2:03 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: Mainframe user ID length > > RACF can now handle 'pass

Re: Mainframe user ID length

Thanks. From: IBM Mainframe Discussion List on behalf of Mark Jacobs <0224d287a4b1-dmarc-requ...@listserv.ua.edu> Sent: Thursday, April 30, 2020 1:54 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Mainframe user ID length Looks like it. I tried to

Re: Mainframe user ID length

I'm asking about the user ID, not the password/pass phrase. But thanks. From: IBM Mainframe Discussion List on behalf of Jesse 1 Robinson Sent: Thursday, April 30, 2020 2:03 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Mainframe user ID length RACF ca

Re: Mainframe user ID length

On 4/30/2020 1:03 PM, Jesse 1 Robinson wrote: RACF can now handle 'password phrase' of considerable length and/or upper/lower case passwords. If you allow lower case... All true, but he was asking about userids, not passwords... -- Phoenix Software International Edward E. Jaffe 831 Parkview

Re: Mainframe user ID length

Mobile 626-543-6132 Office ⇐=== NEW robin...@sce.com -Original Message- From: IBM Mainframe Discussion List On Behalf Of Frank Swarbrick Sent: Thursday, April 30, 2020 12:46 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: (External):Mainframe user ID length CAUTION EXTERNAL EMAIL Is z/OS still

Re: Mainframe user ID length

I looked at SYS1.MACLIB(IHAACEE) ACEEUSER DS0CL9 USERID INFORMATION ACEEUSRL DSAL1 USERID LENGTH ACEEUSRI DSCL8 CONTAINS THE VALID RACF USERID @02C * UNLESS (1) THE USERID ON THE @02C *

Re: Mainframe user ID length

Looks like it. I tried to add a userid with 9 characters, it wouldn't accept it. i didn't try lower case in a batch job, but I'd assume it would be converted to uppercase. Mark Jacobs Sent from ProtonMail, Swiss-based encrypted email. GPG Public Key - https://api.protonmail.ch/pks/lookup?op=g

Mainframe user ID length

Is z/OS still limited in all cases to 8 upper case characters? I am curious if a user that only has access to MQ might be able to have a longer and ideally mixed case user ID. They wouldn't have access to TSO or CICS or IMS. -