On Thursday, 07/29/2010 at 09:27 EDT, Rob van der Heij <rvdh...@gmail.com> wrote: > They might also be happy also with NOPASS (assuming it's the same as > NOPASSWORD in RACF).
It isn't. NOPASS in the directory means "no password required". 'NOPASSWORD NOPHRASE' on RACF means that the user ID does not have an authenticator and end users cannot access it. No FTP. No logon. All you can do is XAUTOLOG it. ESMs can deny NOPASS logins if they want. RACF doesn't. (Though I am increasingly tempted to add a RACF SETROPTS to allow you to do so - and turn it on by default.) > Such experiences should show the responsible VM Systems Programmer > he's on his own and should not expect any helpful guidance from the > auditors. And maybe not even try to explain why the user profiles were > "missing" for all NOLOG users... VM allows the ESM to override a NOLOG. I.e. you have a user profile with a password and directory entry of NOLOG. You can authenticate via FTP (for example) and access files, but you do not have a virtual machine to call your own. This lets you keep USER DIRECT and the ESM in sync. Alan Altmark z/VM Development IBM Endicott
