I think my auditors and cyber/network security folks would like to make
sure that I had to make a conscious effort to set the userids into
either an ENABLE or DISABLE state. They don't like default passwords. In
VM, we sort of have sub-categories for ENABLE, these being AUTOONLY,
LBYONLY or password-protected. I would not like having ALL userids
placed in NOLOG as part of the installation, but I would not mind being
FORCED to pick and choose.
If during that dialog, I as the installer decide to set a silly default
password, then 'my gun, my foot, etc'. But I could lock them down
tighter than the default and then it would be 'my gun, intruder foot, etc'.
I don't think IBM will go as far as swallowing DIRMAINT and RACF into
the base product so that we don't have the hassle and expense of
licensing them separately, so you don't have to worry about points 2 or 3.
/Tom Kern
/301-903-2211
Ed Zell wrote:
Understand that if we were to go this way, the Old School "let
the customer decide" wouldn't be there. So I would ask that
those who would object to such a change speak up.
A couple of thoughts:
1) I don't view it as a big deal to change all the passwords
upon initial install. It takes a few minutes using XEDIT
and then I am done until the next install.
2) Not everyone uses a directory management product such as
DIRMAINT. Some of us smaller shops still just edit the
source directory and would want to continue to do so.
3) Not everyone uses an ESM. Please keep that in mind when
making changes to how the VM installation process works.
4) I don't think I like the idea of all system user id's being
AUTOONLY/LBYONLY/NOLOG. I think this should be a decision
that the person installing the system would make.
Ed Zell
Illinois Mutual Life
(309) 674-8255 x-107