We do LOGONBY but some people forget and try to logon directly to MAINT, enter their own logon password (an incorrect pw for MAINT), RACF dutifully counts these consecutive wrong logon pw's and after 1 attempt in Jan, 1 attempt in July and the 3rd consecutive one in say May of the following year RACF thinks MAINT has tried 3 consecutive times to logon with the wrong password and revokes MAINT.
RACF needs a better sense of time. -------------------------------------------------------- This e-mail, including any attachments, may be confidential, privileged or otherwise legally protected. It is intended only for the addressee. If you received this e-mail in error or from someone who was not authorized to send it to you, do not disseminate, copy or otherwise use this e-mail or its attachments. Please notify the sender immediately by reply e-mail and delete the e-mail from your system. -----Original Message----- From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Rich Smrcina Sent: Tuesday, July 01, 2008 12:27 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: RACF and MAINT I think you have a valid concern. The 'Security on z/VM' redbook suggests to use 'logon by' for MAINT to avoid a) giving out it's password and 2) the possibility of it's password being revoked due to people possibly forgetting it. A sensible solution. Leland Lucius wrote: > Being new to this RACF on VM thing, I'm a little paranoid about how the > MAINT user should be handled in relation to things like password policies. > > Mind you, we don't use MAINT all that often, but I'd hate to get myself > in a position where I needed it and was unable to use it because the > password was revoked or something similar. > > How do y'all handle MAINT with RACF. Is it really a major concern or am > I just being a fraidy cat? > > Leland > -- Rich Smrcina VM Assist, Inc. Phone: 414-491-6001 Ans Service: 360-715-2467 rich.smrcina at vmassist.com http://www.linkedin.com/in/richsmrcina Catch the WAVV! http://www.wavv.org WAVV 2009 - Orlando, FL - May 15-19, 2009
