So I'll revert to my old habits and make a local mod to the password column in 140/150CMDS DATADVH
2009/2/11 Alan Altmark <alan_altm...@us.ibm.com>: > On Wednesday, 02/11/2009 at 11:40 EST, Kris Buelens > <kris.buel...@gmail.com> wrote: >> I'm installing z/VM 5.4 with Dirmaint and RACF (and this time >> "following the book" as opposed to my own methods). >> >> I did copy the CONFIGRC SAMPDVH as DATADVH and DIRMAINT sees it. So, >> it should have all RACF enablements. >> >> MAINT is defined as a LOGONBY user and is logged on BY BUELENSC. >> When I issue DIRM NEEDPASS NO in MAINT, DIRMAINT prompts me for >> MAINT's password: >> - I'd say it should prompt for BUELENSC's password >> (I am not supposed to know MAINT's password when using LOGONBY) >> - So I enter BUELENSC's password and RACF rejects it. Seems that the > query >> DIRMAINT passes to RACF indeed wants indeed an authentication as MAINT: >> OPERATOR gets ICH301I MAXIMUM PASSWORD ATTEMPTS BY SPECIAL USER MAINT >> >> Is this supposed to work? > > I would say "No." You have LOGON BY access, but that doesn't confer > "modify the directory" permission. If MAINT is LBYONLY (in the RACF > sense) then you need to make such changes from another user who is > authorized to act FOR MAINT. > > Alan Altmark > z/VM Development > IBM Endicott > -- Kris Buelens, IBM Belgium, VM customer support