On 12/20/2005 4:46 PM, Chris wrote:
Hi there ....
In an installation some years back, we used (well, our SE provided)
something we called "logon by ...".
So any allowed TSO user could logon to a specific technical user (and its
authorization) using
his own password. This also fullfilled AUDIT requirements, as every logon
was properly logged.
Any idea, how this has to be set-up ? Is it a TSO logon functionality ...
or something within RACF ??
Although RACF has some specific support for "logon by" types of
functions via its SURROGAT processing, the function you had was probably
implemented by either a RACROUTE REQUEST=VERIFY pre-processing exit or
possibly a TSO/E logon exit.
I know that IBM has used a RACROUTE exit internally to do such a
function, and that's what I've usually recommended.
Walt Farrell, CISSP
z/OS Security Design, IBM
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
