Raj, 

Since I am sure you are aware that Best Practices say "Eliminate Shared IDs",
however it seems that you still authenticate the users first, then log
them into the systems with this Shared Userid.

To fix your issue, maybe one of these may work.

1. Have a pool of shared IDs and assign the SHARED ID on a round robin
method.
2. Create the shared id with a SOURCE. So if access is from a particular
IP address or LU NAME, then use a particular SIGNON.
3. In the old days we assigned an OPID for uniqueness.
4. If they have been authenticated already, make the second signon
(SHARED) a non RACF/ACF2/TSS ID, by that I mean the old DFHSNT table.

Kevin 

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of Rajeev Vasudevan
Sent: Wednesday, June 06, 2007 11:19 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject: mainframe access using shared id

Hello,
   
  We have an issue in one of our projects. The project is developed to see
who is using the system using the shared mainframe id.

  Scenario.

  1. There are some users who log on to the mainframe using the shared id
and common password and do some inquiry going to the CICS region. To
see who is using the system in this way, we have developed a new
screen where the shared users will enter their individual id and
individual password; only then will the system allow them to enter the
application in the CICS region.

  Problem:

  The problem here is that, suppose user 1, using the shared id
and common password, logs in from terminal 1, and after some time, while this
user is logged in, user 2 logs in at terminal 2 using the
shared id and common password. The other user will be automatically
kicked out, but the online CICS region will still be active, and for the
2nd user the CICS region will not ask for their individual password and the
new screen will not be thrown.

  Here there is a security issue/flaw involved. We need to control this,
and this loophole in the design has to be tackled. Could someone give
us a suggestion on how to take this?
   
  Thanks,
  Raj

       

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
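
Added example, not part of the original thread and not CICS or RACF code: a toy Python model of the takeover Raj describes, next to a variant that binds the individual check to the terminal and clears it when the shared ID is taken over. It assumes, which the post does not state, that the application remembers the individual check per shared ID; every class, user and terminal name is constructed.

```python
# Toy model of the sign-on gate in front of the application (illustration only).

class GateKeyedBySharedId:
    """Flawed: 'individual check passed' is remembered per shared ID."""

    def __init__(self):
        self.active_terminal = {}  # shared ID -> terminal currently signed on
        self.verified = {}         # key -> individual user who passed the check

    def signon(self, shared_id, terminal):
        # A second sign-on displaces the first terminal, but nothing clears
        # the verified entry that belongs to the displaced user.
        self.active_terminal[shared_id] = terminal

    def key(self, shared_id, terminal):
        return shared_id

    def verify_individual(self, shared_id, terminal, user):
        self.verified[self.key(shared_id, terminal)] = user

    def needs_prompt(self, shared_id, terminal):
        return self.key(shared_id, terminal) not in self.verified


class GateKeyedBySession(GateKeyedBySharedId):
    """Hardened: state is bound to (shared ID, terminal), cleared on takeover."""

    def signon(self, shared_id, terminal):
        previous = self.active_terminal.get(shared_id)
        if previous is not None and previous != terminal:
            self.verified.pop(self.key(shared_id, previous), None)
        self.active_terminal[shared_id] = terminal

    def key(self, shared_id, terminal):
        return (shared_id, terminal)


def replay(gate):
    """Replay the scenario; return (was user 2 prompted, who is on record)."""
    gate.signon("SHARED1", "TERM1")
    gate.verify_individual("SHARED1", "TERM1", "user1")
    gate.signon("SHARED1", "TERM2")  # user 2 arrives, user 1 is kicked out
    prompted = gate.needs_prompt("SHARED1", "TERM2")
    if prompted:
        gate.verify_individual("SHARED1", "TERM2", "user2")
    return prompted, gate.verified.get(gate.key("SHARED1", "TERM2"))


if __name__ == "__main__":
    print("keyed by shared ID:", replay(GateKeyedBySharedId()))
    print("keyed by session:  ", replay(GateKeyedBySession()))
```

In the flawed model user 2 is never prompted and the activity stays attributed to user1; in the hardened one the takeover forces a fresh individual check at the second terminal.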
