On Fri, Nov 13, 2009 at 10:20 AM, Chip Davis <c...@aresti.com> wrote:
> One of the non-intuitive aspects of the RPWLIST DATA file is that it is > required to be present, even if you do not wish to restrict the passwords in > that manner. Perhaps you have an External Security Manager, your own Rexx > exec that checks for variations/permutations, or just don't care on a PoC > system. But *must* is a bit strong here. The message is an "I" type, and function is still performed. I admit I also have such a file with one entry in it, just to avoid the message. I suppose the background for this design was the need for a quick tick in the box to satisfy a requirement from someone who got burned by it. If you're only a little bit more sensitive in this area you do an ESM and leave the passwords there (and passwords is so "seventies"). A more elegant approach would have been for the directory source to list the name(s) of the restricted password files, or maybe even state them in the directory itself. Good thing it's Friday, otherwise David would raise it as a requirement for DIRECTXA :-)
