On Saturday, 09/27/2008 at 12:26 EDT, Leland Lucius <[EMAIL PROTECTED]> wrote: > Just wondering what folks set INACTIVE() to a "Linux only" environment > where guests stay up for long periods or where MAINT and the like aren't > used for long periods. > > When we installed RACFVM, our security team set the same options as are > being used on z/OS which we all thought was a good idea. But, we've > been getting a lot of guests with revoked IDs. : > So, we have the notion of simply change our INACTIVE(45) to NOINACTIVE > (if we can get security to bite), but were wondering if there were other > options.
A possible compromise could be: ALTUSER userid NOPHRASE NOPASSWORD will completely remove the password and phrase. - No one can logon directly to or use the id for authentication - The user can still be XAUTOLOGed - The user will never be revoked due to inactivity or too many logon attempts with a bad password Alan Altmark z/VM Development IBM Endicott