The auditor problem is why I would like ALL userid setups to be done
automatically by the install process before being inserted into a
default DIRMAINT server before I as the installer ever get to edit the
master directory. And all of the default settings should be as closed
down as possible, OPERATOR/MAINT in LBYONLY mode, other servers in
AUTOONLY, placeholders in NOLOG and only the real interactive userids
that I added through a programmed dialog with the passwords that I
assigned.
I wish password syntax validation could be added but that sort of means
more code in DIRMAINT or having RACF as the automatic ESM.
/Tom Kern
/301-903-2211
David Boyes wrote:
Actually, it's much easier, at least in my opinion, to do the massive
edits
to the directory before handing off the first version to DirMaint or
some
other directory manager. Why do in 100 or more dirm commands what you
could
do in three or four xedit commands.
Easier, but you have no evidence that you actually did so if some
auditor yahoo comes and whines about it. You also can then ensure that
whatever new passwords assigned actually meet your password policies,
etc, etc, blah, blah.
I'm not disagreeing that doing it before the load into DIRM is a lot
easier, just been dealing with too many whiny auditor types recently to
think it's likely to get past some of them. But, your suggestion is
certainly better than the current situation, anyway.
Whatever happened to RPWLIST FILE in the install process? There was a
step in the VM/SP or HPO installation that forced you to change the
default passwords, and you couldn't use anything that was in RPWLIST
FILE, which included the dumb defaults (same as userid, easy guess,
etc). That step appears to have fallen out of the current install.
-- db
