Paul Gilmartin wrote:
So, rather than update the obsolescent ADDUSER, ALTUSER, and PASSWORD commands, someone made the misguided decision to introduce a supposedly offseting bogosity in numerous other places in the system? Couldn't they have introduced folding in RACF at that point? A cleverer implementation might have omitted the PARMLIB (or whatever) option and left it up to the user: if the user enters an uppercase only password, set a flag in the RACF segment to select folding in RACROUTE. Or, even, if verification fails as-is, fold ant try again.
Introducing a new option was the only workable alternative. There were literally hundreds of software products folding passwords based on decades-old rules. (We had several of them here.) It was not possible to retrofit password folding into RACF releases IBM no longer supports. The mixed-case password option sets a flag in the RACF CVT. Software products that must run on any z/OS release--including those no longer supported by IBM--can test this flag to determine whether to fold or not. This flag is also set by other vendor's security products, e.g., ACF2 and TSS, for similar reasons.
-- Edward E Jaffe Phoenix Software International, Inc 5200 W Century Blvd, Suite 800 Los Angeles, CA 90045 310-338-0400 x318 [email protected] http://www.phoenixsoftware.com/ ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
