To summarize:
There are many ways to skin a cat.
You can use LDAP. You can have looong user id's within LDAP. You can
type anything in JCL (especially in comments or DD *).
You also should distinguish between z/OS and RACF (TSS, ACF2), and JCL
and JES2.
However for security you have to keep
On Wed, 6 May 2020 22:14:40 -0500, Tim Hare wrote:
>... they boil down to authenticating using some non-RACF method, ...
>
Ouch!
Sounds as if RACF needs an RFE, if true.
But what does ssh do, for example?
-- gil
--
For IBM-
As many have stated you are limited to 8 upper case characters, 7 if you still
use UADS; however if the MQ user is off-platform, perhaps one of the various
tools for mapping other IDs to a RACF ID could be used? These are all part of
RACF (not sure about ACF2 or Top Secret) but as I see it the
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Mainframe user ID length
Tom Marchant wrote:
>What is your point? The contents of in-stream data is not part of
>JCL, any more than the contents of some other data set referenced
>in a DD statement is.
Paul Gilmartin wrote:
>There's a qua
Tom Marchant wrote:
>What is your point? The contents of in-stream data is not part of
>JCL, any more than the contents of some other data set referenced
>in a DD statement is.
Paul Gilmartin wrote:
>There's a qualitative difference. The Reader or Converter must
>inspect every record of an in-str
On Tue, 5 May 2020 15:07:59 -0500, Tom Marchant wrote:
>On Tue, 5 May 2020 15:03:06 +0800, Timothy Sipples wrote:
>
>>Shmuel Metz wrote:
>>>Regardless of why it is coded that way, the code is in
>>>the C/I and the error message comes from the C/I.
>>
>>Yes, and in-stream data is an intrinsic featu
On Tue, 5 May 2020 15:03:06 +0800, Timothy Sipples wrote:
>Shmuel Metz wrote:
>>Regardless of why it is coded that way, the code is in
>>the C/I and the error message comes from the C/I.
>
>Yes, and in-stream data is an intrinsic feature of the Job Control
>Language (JCL). It says so right here,
Shmuel Metz wrote:
>Regardless of why it is coded that way, the code is in
>the C/I and the error message comes from the C/I.
Yes, and in-stream data is an intrinsic feature of the Job Control
Language (JCL). It says so right here, among other places:
https://www.ibm.com/support/knowledgecenter/
2:46 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Mainframe user ID length
The maximum length on Linux is 32; whether MQ will work with a name longer than
12 is a separate issue. There are also Linux commands that will display the UID
instead of a username longer than 8. LDAP can map long names to short.
On Mon, 4 May 2020 15:31:52 -0500, Tom Marchant wrote:
>On Mon, 4 May 2020 19:14:31 +, Frank Swarbrick wrote:
>
>>What I would love to see is some sort of "single signon" option, where a user
>>would only need
>>to sign on to their personal workstation and not need to explicitly sign on
>>t
Metz
http://mason.gmu.edu/~smetz3
From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of
Frank Swarbrick [frank.swarbr...@outlook.com]
Sent: Monday, May 4, 2020 2:48 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Mainframe user ID length
__
From: IBM Mainframe Discussion List on behalf of
Walt Farrell
Sent: Sunday, May 3, 2020 7:22 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Mainframe user ID length
On Thu, 30 Apr 2020 19:46:04 +, Frank Swarbrick
wrote:
>Is z/OS still limited in all cases to 8 upper case char
e everyone is.'
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of
Seymour J Metz
Sent: 04 May 2020 17:05
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: [IBM-MAIN] Mainframe user ID length
Your claim was "You can specify pretty much anything you want in JCL."
_
From: IBM Mainframe Discussion List on behalf of
Timothy Sipples
Sent: Saturday, May 2, 2020 12:34 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Mainframe user ID length
Frank Swarbrick wrote:
>"more than 8"? What's the limit, if any?
The z/OS LDAP Server's CN li
ssion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of
Timothy Sipples [sipp...@sg.ibm.com]
Sent: Monday, May 4, 2020 1:22 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Mainframe user ID length
Shmuel Metz wrote:
>According to MVS JCL Reference, SA23-1385-40, both
>USER=abcdefghi and EMAIL=foo+..
Shmuel Metz wrote:
>According to MVS JCL Reference, SA23-1385-40, both
>USER=abcdefghi and EMAIL=foo+...@patriot.net are
>illegal. That's not a JES issue.
It is JES's issue. JCL is simply respecting JES limits there using that
particular syntax. If you want to pass a longer user ID to something e
This, by the way, has been a fascinating discussion, for me at least. My
thanks to Mr Sipples for contradicting what I thought I knew without
question.
---
Bob Bridges, robhbrid...@gmail.com, cell 336 382-7313
/* Being a programmer is one thing above all else: It is understanding how
things work
So maybe - maybe, I don't know either - if I sign on to z/OS with a
certificate, or LDAP, or anything other than the usual, the sign-on routine
MAKES UP an 8-byte ID and stores it in the ACEE. If so, after that
everything works fine, I guess.
---
Bob Bridges, robhbrid...@gmail.com, cell 336 382-7
On Thu, 30 Apr 2020 19:46:04 +, Frank Swarbrick
wrote:
>Is z/OS still limited in all cases to 8 upper case characters? I am curious
>if a user that only has access to MQ might be able to have a longer and
>ideally mixed case user ID. They wouldn't have access to TSO or CICS or IMS.
It is
___
From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of
Timothy Sipples [sipp...@sg.ibm.com]
Sent: Saturday, May 2, 2020 2:34 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Mainframe user ID length
Frank Swarbrick wrote:
>"more than 8"? What's the lim
f Of Bob Bridges
Sent: Saturday, May 2, 2020 11:10 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Mainframe user ID length
But...but... (Still expostulating, here, you see.) When I want to open a
dataset for editing in TSO, the OS sends a question to the security system,
asking "is allowed t
On Sat, 2 May 2020 14:34:26 +0800, Timothy Sipples wrote:
>Frank Swarbrick wrote:
>>"more than 8"? What's the limit, if any?
>
>The z/OS LDAP Server's CN limit is 256 characters, so it's at least that
>large.
>
>>Which system components/products permit/prohibit this?
>>(Start your list with JCL.
But...but... (Still expostulating, here, you see.) When I want to open a
dataset for editing in TSO, the OS sends a question to the security system,
asking "is allowed to ?".
To identify it specifies my ID. The question is routed to
RACF, ACF2 or Top Secret, and the part of the OS that is per
Frank Swarbrick wrote:
>"more than 8"? What's the limit, if any?
The z/OS LDAP Server's CN limit is 256 characters, so it's at least that
large.
>Which system components/products permit/prohibit this?
>(Start your list with JCL.)
You can specify pretty much anything you want in JCL. Do you mea
On Fri, 1 May 2020 12:37:58 -0400, Bob Bridges wrote:
>...
>Or put it this way: If you say I can be authenticated via LPAR using a
>longer ID, and then perform tasks on the mainframe using that ID, how does
>RACF-or-whatever determine permissions? The OS asks whether has
>access to datasets
You sound like you know what you're talking about, so please interpret the
following expostulations more as questions than as outright contradictions:
TS> First of all, user authentication isn't necessarily required.
Me> Sure, as for example in CICS. In that case CICS supplied a default
userID,
On Fri, 1 May 2020 13:41:54 +0800, Timothy Sipples wrote:
>Frank Swarbrick wrote:
>>Is z/OS still limited in all cases to 8 upper case characters?
>
>No. The IBM Directory Server for z/OS supports more than 8 upper case
>character user IDs. That's a standard, included, IBM supported feature in
>
Frank Swarbrick wrote:
>Is z/OS still limited in all cases to 8 upper case characters?
No. The IBM Directory Server for z/OS supports more than 8 upper case
character user IDs. That's a standard, included, IBM supported feature in
the base z/OS operating system.
Bob Bridges wrote:
>MQ, TSO, CIC
The past, yes, obviously. Also obviously: Not so very dead.
---
Bob Bridges, robhbrid...@gmail.com, cell 336 382-7313
/* If everyone is thinking alike, then someone isn't thinking. -George S
Patton */
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.ED
: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Mainframe user ID length
On Thu, 30 Apr 2020 19:46:04 +, Frank Swarbrick wrote:
>Is z/OS still limited in all cases to 8 upper case characters? I am curious
>if a user that only has access to MQ might be able to have a longer and
>ideally
@LISTSERV.UA.EDU] on behalf of
Wayne Bickerdike [wayn...@gmail.com]
Sent: Thursday, April 30, 2020 9:44 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Mainframe user ID length
We use max 7 char user IDS. Often I can't be bothered putting a job card on
a quick job, TSO SUBMIT uses your user ID and asks
On Thu, 30 Apr 2020 19:46:04 +, Frank Swarbrick wrote:
>Is z/OS still limited in all cases to 8 upper case characters? I am curious
>if a user that only has access to MQ might be able to have a longer and
>ideally mixed case user ID. They wouldn't have access to TSO or CICS or IMS.
>
Exten
We use max 7 char user IDS. Often I can't be bothered putting a job card on
a quick job, TSO SUBMIT uses your user ID and asks for a character to add
to the job. Since a jobname is limited to 8 chars, makes life simple.
On Fri, May 1, 2020 at 8:21 AM Bob Bridges wrote:
> MQ, TSO, CICS, IMS - wha
MQ, TSO, CICS, IMS - whatever the environment, the ID has to be
authenticated by RACF (or ACF2, or TSS). As far as I know they're all
limited to the usual 39 characters, and a max length of eight.
---
Bob Bridges, robhbrid...@gmail.com, cell 336 382-7313
/* If everyone is thinking alike, then so
//mason.gmu.edu/~smetz3
From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of
Mike Schwab [mike.a.sch...@gmail.com]
Sent: Thursday, April 30, 2020 4:43 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Mainframe user ID length
USERID length can
vid Spiegel
>Sent: Apr 30, 2020 5:02 PM
>To: IBM-MAIN@LISTSERV.UA.EDU
>Subject: Re: [IBM-MAIN] Mainframe user ID length
>
>TSO used to have a limit of 7.
>
>On 2020-04-30 16:43, Mike Schwab wrote:
>> USERID length can be 8.
>>
>> TSO USED to have a limit of 8,
user ID, not the password/pass phrase. But thanks.
From: IBM Mainframe Discussion List on behalf of Jesse 1
Robinson
Sent: Thursday, April 30, 2020 2:03 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Mainframe user ID length
RACF can now handle 'password phrase
My bad. Yeah 8 char userid’s are still the standard but I’d never allocate one
more than 7.
Sent from Yahoo Mail for iPhone
On Thursday, April 30, 2020, 4:02 PM, Mark Jacobs
<0224d287a4b1-dmarc-requ...@listserv.ua.edu> wrote:
I looked at SYS1.MACLIB(IHAACEE)
ACEEUSER DS 0CL9
Pass phrases are permitted. For years now.
Sent from Yahoo Mail for iPhone
On Thursday, April 30, 2020, 3:54 PM, Mark Jacobs
<0224d287a4b1-dmarc-requ...@listserv.ua.edu> wrote:
Looks like it. I tried to add a userid with 9 characters, it wouldn't accept
it. I didn't try lower case in a b
D, not the password/pass phrase. But thanks.
>
>
> From: IBM Mainframe Discussion List on behalf of
> Jesse 1 Robinson
> Sent: Thursday, April 30, 2020 2:03 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: Mainframe user ID length
>
> RACF can now handle 'pass
Thanks.
From: IBM Mainframe Discussion List on behalf of
Mark Jacobs <0224d287a4b1-dmarc-requ...@listserv.ua.edu>
Sent: Thursday, April 30, 2020 1:54 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Mainframe user ID length
Looks like it. I tried to
I'm asking about the user ID, not the password/pass phrase. But thanks.
From: IBM Mainframe Discussion List on behalf of
Jesse 1 Robinson
Sent: Thursday, April 30, 2020 2:03 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Mainframe user ID length
RACF ca
On 4/30/2020 1:03 PM, Jesse 1 Robinson wrote:
RACF can now handle 'password phrase' of considerable length and/or upper/lower
case passwords. If you allow lower case...
All true, but he was asking about userids, not passwords...
--
Phoenix Software International
Edward E. Jaffe
831 Parkview
Mobile
626-543-6132 Office ⇐=== NEW
robin...@sce.com
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of
Frank Swarbrick
Sent: Thursday, April 30, 2020 12:46 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: (External):Mainframe user ID length
CAUTION EXTERNAL EMAIL
Is z/OS still
I looked at SYS1.MACLIB(IHAACEE)
ACEEUSER DS 0CL9 USERID INFORMATION
ACEEUSRL DS AL1 USERID LENGTH
ACEEUSRI DS CL8 CONTAINS THE VALID RACF USERID @02C
* UNLESS (1) THE USERID ON THE @02C
*
Looks like it. I tried to add a userid with 9 characters, it wouldn't accept
it. I didn't try lower case in a batch job, but I'd assume it would be
converted to uppercase.
Mark Jacobs
Sent from ProtonMail, Swiss-based encrypted email.
GPG Public Key -
https://api.protonmail.ch/pks/lookup?op=g
Is z/OS still limited in all cases to 8 upper case characters? I am curious if
a user that only has access to MQ might be able to have a longer and ideally
mixed case user ID. They wouldn't have access to TSO or CICS or IMS.
-
47 matches