I agree... Auditors need not even know a second level installation machine exists, other than it is just another virtual machine.
Since I am always installing second level only the password for my second level machine needs to be secure. In my opinion this is a single user machine. All of this password manipulation can easily be done before turning the directory over to DIRMAINT and before going to production with a user written exec.

-----Original Message-----
From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] Behalf Of RPN01
Sent: Tuesday, October 09, 2007 9:44 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: hacking vm/cms (probably old news)

As far as I'm concerned, until the system matches the production environment, it's mine, and auditors have no business looking at it at all; I'll do as I please. They can whine all they want; they don't have an ID on the installation system to look at anything with anyway, so how can they say it isn't secure?

--
   .~.    Robert P. Nix    Mayo Foundation
   /V\    RO-OE-5-55       200 First Street SW
  /( )\   507-284-0844     Rochester, MN 55905
  ^^-^^
-----
"In theory, theory and practice are the same, but
in practice, theory and practice are different."

On 10/9/07 9:25 AM, "David Boyes" <[EMAIL PROTECTED]> wrote:

>
> Easier, but you have no evidence that you actually did so if some
> auditor yahoo comes and whines about it. You also can then ensure that
> whatever new passwords assigned actually meet your password policies,
> etc, etc, blah, blah.
>