On 4/26/2007 1:45 PM, Jon Renton wrote:
We can protect the secret name using RACF. Using the rename method, we do
not need to change the original IBM module in case of an
error/emergency/etc. We can still use ADRDSSU directly.
I don't understand how you will "protect the secret name using RACF".
True, you can define it in the PROGRAM class and any user trying to
invoke it directly will fail.
However, when your module eventually tries to invoke the secret name, it
will also fail.
Renaming ADRDSSU, by the way, will potentially cause you some problems
when you try to apply maintenance (PTFs) to the system.
Walt Farrell, CISSP
z/OS Security Design, IBM
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
