Re: Setting DIRM NEEDPASS NO in a LOGONBY user

[David Boyes]

On 2/12/09 9:21 AM, "Alan Altmark" <alan_altm...@us.ibm.com> wrote:

This leads me to ask:  Is NEEDPASS YES still needed?  I view it as an
anachronism from an older time when we didn't have autolock screensavers
and generally more stringent workstation security policies.  No more
"always on" terminals.

Yes, it is still needed, or at least until IBM supplies a native, no additional 
cost authorization capability that is more granular than the CP privilege class 
system and the word comes down from on high that applications will use that 
capability in place of password or privilege class checking.

As you pointed out, login ability does not imply the ability to modify the 
directory, and having to confirm changes to system configuration with a token 
(note, not necessarily a password) is an important part of controlling an 
environment. There's not really (at least IMHO) a tie between terminal access 
issues any more; it's an issue of change control.