There are other ways to passwords besides what has been discussed so far
here..


________________________________

From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On
Behalf Of Scott Rohling
Sent: Tuesday, May 12, 2009 4:00 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Oops and finding passwords on a system...


Absolutely this is a security risk! I would never give OPERATOR
DEVMAINT ability - OPERATOR should have the ability to do particular
things and query particular things -- but not things like see passwords
or get the ability to get to anything they want (e.g. DEF MDISK). If I
was an auditor - you'd be in big trouble, buddy ;-) And for not having
an ESM maintain your passwords in an encrypted and unqueryable fashion
-- double trouble..

Scott


On Tue, May 12, 2009 at 2:52 PM, RPN01 <nix.rob...@mayo.edu> wrote:


        eeded.
        
        The evil question that comes to mind now is, could an auditor cite you
        because the operators effectively have access to all the passwords on the
        system via roughly four commands? Is this considered a security hole (though
        one that proved very useful today...)
        --
        Robert Nix  -- Mayo Clinic
        (shortened signature)
        


