Re: What do y'all think of this? No password expiration time
My new password is correct horse battery staple On Wed, Jun 12, 2019 at 10:46 AM Paul Gilmartin < 000433f07816-dmarc-requ...@listserv.ua.edu> wrote: > On Wed, 12 Jun 2019 11:13:47 -0400, Phil Smith III wrote: > > >John McKown wrote: > > > Which article are you replying to? I can't find it. IIRC, I even > commented on it. URL? > > >>True. I really like the fact that when I log into TSO, it tells me the > last > >>time my ID was used for some purpose. I wish that the log in to z/OS > UNIX, > >>via ssh, did the same thing. > > > I believe Walt Farrell(?) commented, years ago, that that function is > buried > inextricably in TSO logon processing. > > Conway's Law. Another case where IBM designers appear to flee from > reusable code. Some systems even have a user command to display > that information electively. > > >>Which makes me wonder if some sort of daily (weekly?) report should be > done > >>for each RACF ID associated with a "person" which reports all the "logon" > >>and perhaps "logoff" activity and then email it to them > > > >Nice idea...but most folks would just delete it unread after the first > week. > > > >As for the article: NIST said the same thing last year, but now that > Microsoft is repeating it, it's finally getting some press. That's kind of > sad and scary. > > > Cite? URLs? I find: > https://pages.nist.gov/800-63-FAQ/#q-b5 > On password expiration > https://xkcd.com/936/ > > -- gil > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: What do y'all think of this? No password expiration time
On Wed, 12 Jun 2019 16:54:47 +, Wayne Driscoll wrote: >It clearly isn't buried in TSO logon, because the same ICH70001I message >issued at TSO login is also issued to the JESMSGLG dataset of a batch job. I >believe it has to do with the use of the MSGxxx operands on the RACROUTE >request. > Whatever. The root question is, why doesn't ssh login display it likewise? >-Original Message- >From: Paul Gilmartin >Sent: Wednesday, June 12, 2019 10:46 AM > >>>True. I really like the fact that wnen I log into TSO, it tells me the >>>last time my ID was used for some purpose. I wish that the log in to >>>z/OS UNIX, via ssh, did the same thing. >> >I believe Walt Farrell(?) commented, years ago, that that function is buried >inextricably in TSO logon processing. > >Conway's Law. Another case where IBM designers appear to flee from reusable >code. Some systems even have a user command to display that information >electively. -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: What do y'all think of this? No password expiration time
It clearly isn't buried in TSO logon, because the same ICH70001I message issued at TSO login is also issued to the JESMSGLG dataset of a batch job. I believe it has to do with the use of the MSGxxx operands on the RACROUTE request. Wayne Driscoll Rocket Software Note - All opinions are strictly my own. -Original Message- From: IBM Mainframe Discussion List On Behalf Of Paul Gilmartin Sent: Wednesday, June 12, 2019 10:46 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: What do y'all think of this? No password expiration time On Wed, 12 Jun 2019 11:13:47 -0400, Phil Smith III wrote: >John McKown wrote: > Which article are you replying to? I can't find it. IIRC, I even commented on it. URL? >>True. I really like the fact that when I log into TSO, it tells me the >>last time my ID was used for some purpose. I wish that the log in to >>z/OS UNIX, via ssh, did the same thing. > I believe Walt Farrell(?) commented, years ago, that that function is buried inextricably in TSO logon processing. Conway's Law. Another case where IBM designers appear to flee from reusable code. Some systems even have a user command to display that information electively. >>Which makes me wonder if some sort of daily (weekly?) report should be >>done for each RACF ID associated with a "person" which reports all the "logon" >>and perhaps "logoff" activity and then email it to them > >Nice idea...but most folks would just delete it unread after the first week. > >As for the article: NIST said the same thing last year, but now that Microsoft >is repeating it, it's finally getting some press. That's kind of sad and scary. > Cite? URLs? I find: https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpages.nist.gov%2F800-63-FAQ%2F%23q-b5data=02%7C01%7Cwdriscoll%40ROCKETSOFTWARE.COM%7C7de3610ad2424deaed6e08d6ef4d1d8d%7C79544c1eed224879a082b67a9a672aae%7C0%7C0%7C636959511824788501sdata=6qxbbdgBeuB5U8qvJFuv0Z6PS3bYzi6u8bagTpS4UxE%3Dreserved=0 On password expiration https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fxkcd.com%2F936%2Fdata=02%7C01%7Cwdriscoll%40ROCKETSOFTWARE.COM%7C7de3610ad2424deaed6e08d6ef4d1d8d%7C79544c1eed224879a082b67a9a672aae%7C0%7C0%7C636959511824798497sdata=hsSarv97DDKnEkQd3wZfRe9Gh52aQWuy5jRUOwGGz4I%3Dreserved=0 -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN Rocket Software, Inc. and subsidiaries ■ 77 Fourth Avenue, Waltham MA 02451 ■ Main Office Toll Free Number: +1 855.577.4323 Contact Customer Support: https://my.rocketsoftware.com/RocketCommunity/RCEmailSupport Unsubscribe from Marketing Messages/Manage Your Subscription Preferences - http://www.rocketsoftware.com/manage-your-email-preferences Privacy Policy - http://www.rocketsoftware.com/company/legal/privacy-policy This communication and any attachments may contain confidential information of Rocket Software, Inc. All unauthorized use, disclosure or distribution is prohibited. If you are not the intended recipient, please notify Rocket Software immediately and destroy all copies of this communication. Thank you. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: What do y'all think of this? No password expiration time
John McKown wrote: > Which article are you replying to? I can't find it. IIRC, I even commented > on it. URL? My bad. This was on RACF-L. You posted it! https://www.sans.org/security-awareness-training/blog/time-password-expiration-die Re NIST: jeez, it wasn't LAST year, it was almost three years ago. This is the article I remember: https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/ But yes, 800-63. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: What do y'all think of this? No password expiration time
On Wed, 12 Jun 2019 11:13:47 -0400, Phil Smith III wrote: >John McKown wrote: > Which article are you replying to? I can't find it. IIRC, I even commented on it. URL? >>True. I really like the fact that when I log into TSO, it tells me the last >>time my ID was used for some purpose. I wish that the log in to z/OS UNIX, >>via ssh, did the same thing. > I believe Walt Farrell(?) commented, years ago, that that function is buried inextricably in TSO logon processing. Conway's Law. Another case where IBM designers appear to flee from reusable code. Some systems even have a user command to display that information electively. >>Which makes me wonder if some sort of daily (weekly?) report should be done >>for each RACF ID associated with a "person" which reports all the "logon" >>and perhaps "logoff" activity and then email it to them > >Nice idea...but most folks would just delete it unread after the first week. > >As for the article: NIST said the same thing last year, but now that Microsoft >is repeating it, it's finally getting some press. That's kind of sad and scary. > Cite? URLs? I find: https://pages.nist.gov/800-63-FAQ/#q-b5 On password expiration https://xkcd.com/936/ -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: What do y'all think of this? No password expiration time
John McKown wrote: >True. I really like the fact that when I log into TSO, it tells me the last >time my ID was used for some purpose. I wish that the log in to z/OS UNIX, >via ssh, did the same thing. >Which makes me wonder if some sort of daily (weekly?) report should be done >for each RACF ID associated with a "person" which reports all the "logon" >and perhaps "logoff" activity and then email it to them Nice idea...but most folks would just delete it unread after the first week. As for the article: NIST said the same thing last year, but now that Microsoft is repeating it, it's finally getting some press. That's kind of sad and scary. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN