On Tuesday, 05/12/2009 at 04:34 EDT, Mark Wheeler <mwheele...@hotmail.com> wrote:
> These are the kind of questions I really hate to see, because many of us know > the answer (or multiple answers) and want to help. Actually, it's those answers > that I hate to see, because, to paraphrase, the root question is basically "How > do I hack into a z/VM system?" Posting the answers to the list doesn't seem > prudent, whereas a private response to Bob (you really are Bob, right?) would > be more appropriate. It helps Bob, who we all know and love, solve his problem > but doesn't compromise the integrity of everyone else's systems. No answer given on this list will compromise a z/VM system that meets even the most rudimentary security policy: o All vendor-provided default passwords (USER and MDISK, in this case) have been changed to non-trivial values o All passwords must be stored in an encrypted form. On a secure system, it is IMPOSSIBLE to get a hold of ANY user's password in clear-text (it's an axiom in the word "secure".) Bob's predicament also illustrated why LOGON BY is a Good Thing. Alan Altmark z/VM Development IBM Endicott
