Re: Oops and finding passwords on a system...

2009-05-14 Thread Alan Altmark
On Tuesday, 05/12/2009 at 04:34 EDT, Mark Wheeler mwheele...@hotmail.com wrote:

> These are the kind of questions I really hate to see, because many of us know
> the answer (or multiple answers) and want to help. Actually, it's those answers
> that I hate to see, because, to paraphrase, the root question is basically "How
> do I hack into a z/VM system?" Posting the answers to the list doesn't seem
> prudent, whereas a private response to Bob (you really are Bob, right?) would
> be more appropriate. It helps Bob, who we all know and love, solve his problem
> but doesn't compromise the integrity of everyone else's systems.

No answer given on this list will compromise a z/VM system that meets even 
the most rudimentary security policy:
o All vendor-provided default passwords (USER and MDISK, in this case) 
have been changed to non-trivial values
o All passwords must be stored in an encrypted form.

On a secure system, it is IMPOSSIBLE to get a hold of ANY user's password 
in clear-text (it's an axiom in the word "secure".)

 Bob's predicament also illustrated why LOGON  BY is a Good Thing.

Alan Altmark
z/VM Development
IBM Endicott


Re: Oops and finding passwords on a system...

2009-05-13 Thread Ray Waters
Robert,

Wouldn't the DIRMAINT 1DF mdisk be the one you need? 1DB is the backup mdisk.

   MDISK 01DF 3390 3075 018 540W02 MR
   MDISK 01DB 3390 1421 009 540W02 MR


Ray Waters

From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf 
Of RPN01
Sent: Tuesday, May 12, 2009 2:36 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Oops and finding passwords on a system...

I didn't log in for awhile and, due to advancing age (actually a year older 
tomorrow too), I've forgotten what I made the MAINT password. And, since this 
was also the main password used for almost all the service machines, I don't 
have any other locations to log into that would help me. I know; stupid. :(

Could someone with a zVM 540 system please tell me the starting cylinder of the 
DIRMAINT 1DB minidisk? I don't think we had any reason to relocate it, so, I 
think, with that and a DEFINE MINIDISK command from OPERATOR (my one working 
userid) I can get the password I need to regain control and save some face 
(other than here, since I've confessed to you all).

Thanks to one and all for keeping this as quiet as possible.

--
Robert P. Nix  Mayo Foundation.~.
RO-OE-5-55 200 First Street SW/V\
507-284-0844   Rochester, MN 55905  /( )\
-^^-^^
In theory, theory and practice are the same, but
 in practice, theory and practice are different.


NOTICE:
This e-mail is intended solely for the use of the individual to whom it is 
addressed and may contain information that is privileged, confidential or 
otherwise exempt from disclosure. If the reader of this e-mail is not the 
intended recipient or the employee or agent responsible for delivering the 
message to the intended recipient, you are hereby notified that any 
dissemination, distribution, or copying of this communication is strictly 
prohibited. If you have received this communication in error, please 
immediately notify us by replying to the original message at the listed email 
address. Thank You.


Re: Oops and finding passwords on a system...

2009-05-13 Thread Scott Rohling
1DB contains the 'monolithic' USER BACKUP which is easier to read/traverse
than the clustered source directory on 1DF..

Scott



Re: Oops and finding passwords on a system...

2009-05-13 Thread David Kreuter
And unless you change the timings in its wakeup file the USER BACKUP on 1DF is created just after midnight and/or DIRM USER BACKUP dynamic command. Without changing time or using the command you always have a directory less than 24 hours old. 
David




Oops and finding passwords on a system...

2009-05-12 Thread RPN01
I didn't log in for awhile and, due to advancing age (actually a year older
tomorrow too), I've forgotten what I made the MAINT password. And, since
this was also the main password used for almost all the service machines, I
don't have any other locations to log into that would help me. I know;
stupid. :(

Could someone with a zVM 540 system please tell me the starting cylinder of
the DIRMAINT 1DB minidisk? I don't think we had any reason to relocate it,
so, I think, with that and a DEFINE MINIDISK command from OPERATOR (my one
working userid) I can get the password I need to regain control and save
some face (other than here, since I've confessed to you all).

Thanks to one and all for keeping this as quiet as possible.

-- 
Robert P. Nix          Mayo Foundation        .~.
RO-OE-5-55             200 First Street SW    /V\
507-284-0844           Rochester, MN 55905   /( )\
-                                            ^^-^^
"In theory, theory and practice are the same, but
 in practice, theory and practice are different."




Re: Oops and finding passwords on a system...

2009-05-12 Thread Mark Pace
MDISK 01DB 3390 1421 009 540W02 MR




-- 
Mark Pace
Mainline Information Systems
1700 Summit Lake Drive
Tallahassee, FL. 32317


Re: Oops and finding passwords on a system...

2009-05-12 Thread Scott Rohling
Happy Birthday!   While I don't have access at the moment to a 5.4 system --
the type of DASD you used (3390-3 ,  3390-9 ?) will be important for others
to help...  (I'll be trying to get to my 5.4 on 3390-9 with everything on
540RES in the meantime to help)

Scott





Re: Oops and finding passwords on a system...

2009-05-12 Thread Mark Pace
It would appear that the 1DB disk could be just about anywhere.





-- 
Mark Pace
Mainline Information Systems
1700 Summit Lake Drive
Tallahassee, FL. 32317


Re: Oops and finding passwords on a system...

2009-05-12 Thread Scott Rohling
Might be time to get the DIRENT package from the IBM VM downloads page:

http://www.vm.ibm.com/download/packages/descript.cgi?DIRENT

This reads the object directory so you don't need access to the source
directory..

Not sure if this helps - but maybe..?

Scott




Re: Oops and finding passwords on a system...

2009-05-12 Thread Marcy Cortes
If he is logged on,

Q MDISK USER DIRMAINT LOC

Marcy 


This message may contain confidential and/or privileged information. If you
are not the addressee or authorized to receive this for the addressee, you
must not use, copy, disclose, or take any action based on this message or
any information herein. If you have received this message in error, please
advise the sender immediately by reply e-mail and delete this message. Thank
you for your cooperation.

 





Re: Oops and finding passwords on a system...

2009-05-12 Thread Marcy Cortes
Oops.
Make that

Q MDISK USER DIRMAINT 1DB LOC


Marcy



Re: Oops and finding passwords on a system...

2009-05-12 Thread Steve Mitchell
Mine is in the same location

Steve Mitchell
Sr Systems Software Specialist
Blue Cross Blue Shield of Kansas
(785) 291-8885

'There are no degrees of Honesty-you're either Honest or you're not!




   


CONFIDENTIALITY NOTICE: This email message and any attachments are for the sole 
use of the intended recipient(s) and may contain proprietary, confidential, 
trade secret or privileged information.  Any unauthorized review use, 
disclosure or distribution is prohibited and may be a violation of law.  If you 
are not the intended recipient or a person responsible for delivering this 
message to an intended recipient, please contact the sender by reply email and 
destroy all copies of the original message.

Re: Oops and finding passwords on a system...

2009-05-12 Thread Scott Rohling
Sweet!   Thanks for that, Marcy .. that's a new one for me, we've apparently
improved Q MDISK!  (or I was just unblissfully ignorant)

Scott

On Tue, May 12, 2009 at 1:55 PM, Marcy Cortes marcy.d.cor...@wellsfargo.com wrote:

> Oops.
> Make that
>
> Q MDISK USER DIRMAINT 1DB LOC
>
> Marcy





Re: Oops and finding passwords on a system...

2009-05-12 Thread Mark Wheeler

Greetings all,

These are the kind of questions I really hate to see, because many of us know 
the answer (or multiple answers) and want to help. Actually, it's those answers 
that I hate to see, because, to paraphrase, the root question is basically "How 
do I hack into a z/VM system?" Posting the answers to the list doesn't seem 
prudent, whereas a private response to Bob (you really are Bob, right?) would 
be more appropriate. It helps Bob, who we all know and love, solve his problem 
but doesn't compromise the integrity of everyone else's systems.

Respectfully,

Mark Wheeler

http://www.linkedin.com/in/marklwheeler
 



Re: Oops and finding passwords on a system...

2009-05-12 Thread Ward, Mike S
A little bit of social engineering?

 


==
This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity
to which they are addressed. If you have received this email in error please 
notify the system manager. This message
contains confidential information and is intended only for the individual 
named. If you are not the named addressee you
should not disseminate, distribute or copy this e-mail. Please notify the 
sender immediately by e-mail if you
have received this e-mail by mistake and delete this e-mail from your system. 
If you are not the intended recipient
you are notified that disclosing, copying, distributing or taking any action in 
reliance on the contents of this
information is strictly prohibited.


Re: Oops and finding passwords on a system...

2009-05-12 Thread Scott Rohling
I understand your premise, but respectfully disagree.   We're not going to
increase the security of z/VM by not discussing ways to do things when
necessary.   The mirror question to yours is:  'How do I prevent a z/VM
system from being hacked?'.  The answer lies in things like:

-  Run an ESM (may I suggest RACF?)
-  Don't hand out OPTION DEVMAINT indiscriminately (as in this case -- does
OPERATOR actually have it?  YIKES!!)

Any of the methods being discussed can only be done by a user with
sufficient privilege to do so.   None of this is secret stuff, nor should it
be.

Scott

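An added example, not part of any post in this thread: one way to audit a directory source file for the conditions raised above (who holds OPTION DEVMAINT, including through an included PROFILE; one logon password shared by several userids; a password equal to the userid; userids restricted to LOGON BY). The sample directory, its userids, passwords and the OPSPROF profile are constructed, and treating "password equals userid" as the trivial case is an assumption of this sketch. It reports userids only, never a password, and covers logon passwords, not MDISK link passwords.

```python
from collections import defaultdict

# Values that can occupy the password field of a USER statement without
# being a logon password.
NON_PASSWORDS = {"NOLOG", "NOPASS", "AUTOONLY", "LBYONLY"}

# Constructed sample in directory source syntax. Every userid, password,
# profile name and storage size here is made up for the example.
SAMPLE_DIRECTORY = """\
* constructed sample, not a real system
PROFILE OPSPROF
 OPTION DEVMAINT
USER MAINT SHARED1 128M 1000M ABCDEFG
 OPTION MAINTCCW LNKS LNKE
USER OPERATOR OPERATOR 32M 32M ABCDEFG
 OPTION DEVMAINT
USER DIRMAINT SHARED1 32M 64M BDG
USER TCPIP SHARED1 128M 256M ABG
USER SVCADM LBYONLY 32M 32M G
 LOGONBY ALICE BOB
USER NIGHTOP K9QZ7LPW 32M 32M G
 INCLUDE OPSPROF
"""


def parse_directory(text):
    """Parse directory source into ({userid: entry}, {profile: entry})."""
    users, profiles = {}, {}
    current = None
    for raw in text.splitlines():
        tokens = raw.upper().split()
        if not tokens or tokens[0].startswith("*"):
            continue  # blank line or comment
        keyword, args = tokens[0], tokens[1:]
        if keyword in ("USER", "IDENTITY", "PROFILE") and args:
            is_profile = keyword == "PROFILE"
            current = {
                "password": "" if is_profile or len(args) < 2 else args[1],
                "options": set(),
                "includes": [],
            }
            (profiles if is_profile else users)[args[0]] = current
        elif current is None:
            continue  # global statements ahead of the first entry
        elif keyword == "OPTION":
            current["options"].update(args)
        elif keyword == "INCLUDE" and args:
            current["includes"].append(args[0])
    return users, profiles


def audit(text):
    """Return findings keyed by check name; userids only, never passwords."""
    users, profiles = parse_directory(text)
    devmaint = {}
    by_password = defaultdict(list)
    password_is_userid, logon_by_only = [], []
    for userid, entry in users.items():
        # DEVMAINT may be granted directly or inherited from a profile.
        if "DEVMAINT" in entry["options"]:
            devmaint[userid] = "own OPTION statement"
        else:
            for name in entry["includes"]:
                if "DEVMAINT" in profiles.get(name, {}).get("options", ()):
                    devmaint[userid] = "profile " + name
        password = entry["password"]
        if password == "LBYONLY":
            logon_by_only.append(userid)
        elif password and password not in NON_PASSWORDS:
            by_password[password].append(userid)
            if password == userid:
                password_is_userid.append(userid)
    shared = sorted(sorted(g) for g in by_password.values() if len(g) > 1)
    return {
        "devmaint": devmaint,
        "shared_password": shared,
        "password_is_userid": sorted(password_is_userid),
        "logon_by_only": sorted(logon_by_only),
    }


if __name__ == "__main__":
    for check, result in audit(SAMPLE_DIRECTORY).items():
        print(f"{check}: {result}")
```
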



Re: Oops and finding passwords on a system...

2009-05-12 Thread RPN01
Yes, I discovered this shortly after asking. I was able to do this from
OPERATOR, and then use DEFINE MDISK to get access to the disk and see the
USER BACKUP file to get the passwords I needed.

The evil question that comes to mind now is, could an auditor cite you
because the operators effectively have access to all the passwords on the
system via roughly four commands? Is this considered a security hole (though
one that proved very useful today...)?
-- 
Robert Nix  -- Mayo Clinic
(shortened signature)


On 5/12/09 2:55 PM, Marcy Cortes marcy.d.cor...@wellsfargo.com wrote:

> Oops.
> Make that
>
> Q MDISK USER DIRMAINT 1DB LOC
>
> Marcy
 


Re: Oops and finding passwords on a system...

2009-05-12 Thread Marcy Cortes
I'd say yes if I were an auditor.  Encrypted PW requirements are usually 
something you find on your company's security policy, an ESM is a necessity on 
VM.


Marcy



Re: Oops and finding passwords on a system...

2009-05-12 Thread RPN01
Actually, OPERATOR has it by default, though I'm not sure why it needs it
other than problems like this one.
-- 
Robert Nix  -- Mayo Clinic


On 5/12/09 3:51 PM, Scott Rohling scott.rohl...@gmail.com wrote:

> -  Don't hand out OPTION DEVMAINT indiscriminately (as in this case -- does
> OPERATOR actually have it?  YIKES!!)



Re: Oops and finding passwords on a system...

2009-05-12 Thread Schuh, Richard
According to the help file, The user must be the primary system operator or 
the user's OPTION directory statement must include the DEVMAINT option. Does 
this not indicate that OPERATOR does not need DEVMAINT?


Regards,
Richard Schuh






From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf 
Of Scott Rohling
Sent: Tuesday, May 12, 2009 1:52 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Oops and finding passwords on a system...

I understand your premise, but respectfully disagree.   We're not going to 
increase the security of z/VM by not discussing ways to do things when 
necessary.   The mirror question to yours is:  'How do I prevent a z/VM system 
from being hacked?'.  The answer lies in things like:

-  Run an ESM (may I suggest RACF?)
-  Don't hand out OPTION DEVMAINT indiscriminately (as in this case -- does 
OPERATOR actually have it?  YIKES!!)

Any of the methods being discussed can only be done by a user with sufficient 
privilege to do so.   None of this is secret stuff, nor should it be.

Scott

On Tue, May 12, 2009 at 2:29 PM, Mark Wheeler 
mwheele...@hotmail.com wrote:
Greetings all,

These are the kind of questions I really hate to see, because many of us know 
the answer (or multiple answers) and want to help. Actually, it's those answers 
that I hate to see, because, to paraphrase, the root question is basically How 
do I hack into a z/VM system? Posting the answers to the list doesn't seem 
prudent, whereas a private response to Bob (you really are Bob, right?) would 
be more appropriate. It helps Bob, who we all know and love, solve his problem 
but doesn't compromise the integrity of everyone else's systems.

Respectfully,

Mark Wheeler

http://www.linkedin.com/in/marklwheeler


Date: Tue, 12 May 2009 14:36:19 -0500
From: nix.rob...@mayo.edu
Subject: Oops and finding passwords on a system...

To: IBMVM@LISTSERV.UARK.EDU

I didn't log in for awhile and, due to advancing age (actually a year older 
tomorrow too), I've forgotten what I made the MAINT password. And, since this 
was also the main password used for almost all the service machines, I don't 
have any other locations to log into that would help me. I know; stupid. :(

Could someone with a zVM 540 system please tell me the starting cylinder of the 
DIRMAINT 1DB minidisk? I don't think we had any reason to relocate it, so, I 
think, with that and a DEFINE MINIDISK command from OPERATOR (my one working 
userid) I can get the password I need to regain control and save some face 
(other than here, since I've confessed to you all).

Thanks to one and all for keeping this as quiet as possible.

--
Robert P. Nix  Mayo Foundation.~.
RO-OE-5-55 200 First Street SW/V\
507-284-0844   Rochester, MN 55905  /( )\
-^^-^^
In theory, theory and practice are the same, but
 in practice, theory and practice are different.






Re: Oops and finding passwords on a system...

2009-05-12 Thread Scott Rohling
Absolutely this is a security risk!   I would never give OPERATOR DEVMAINT
ability - OPERATOR should have the ability to do particular things and query
particular things -- but not things like see passwords or the get ability to
get to anything they want (e.g. DEF MDISK).   If I was an auditor - you'd be
in big trouble, buddy ;-)   And for not having an ESM maintain your
passwords in an encrypted and unqueryable fashion -- double trouble..

Scott

On Tue, May 12, 2009 at 2:52 PM, RPN01 nix.rob...@mayo.edu wrote:

 eeded.

 The evil question that comes to mind now is, could an auditor cite you
 because the operators effectively have access to all the passwords on the
 system via roughly four commands? Is this considered a security hole
 (though
 one that proved very useful today...)
 --
 Robert Nix  -- Mayo Clinic
 (shortened signature)




Re: Oops and finding passwords on a system...

2009-05-12 Thread Huegel, Thomas
There are other ways to passwords besides what has been discussed so far
here..




From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On
Behalf Of Scott Rohling
Sent: Tuesday, May 12, 2009 4:00 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Oops and finding passwords on a system...


Absolutely this is a security risk!   I would never give OPERATOR
DEVMAINT ability - OPERATOR should have the ability to do particular
things and query particular things -- but not things like see passwords
or the get ability to get to anything they want (e.g. DEF MDISK).   If I
was an auditor - you'd be in big trouble, buddy ;-)   And for not having
an ESM maintain your passwords in an encrypted and unqueryable fashion
-- double trouble..

Scott


On Tue, May 12, 2009 at 2:52 PM, RPN01 nix.rob...@mayo.edu wrote:


eeded.

The evil question that comes to mind now is, could an auditor
cite you
because the operators effectively have access to all the
passwords on the
system via roughly four commands? Is this considered a security
hole (though
one that proved very useful today...)
--
Robert Nix  -- Mayo Clinic
(shortened signature)






Re: Oops and finding passwords on a system...

2009-05-12 Thread Scott Rohling
Wow ..  open mouth, insert foot ... it does imply OPERATOR has it by default
- and here I am saying it's a security violation.   This is just not my day
:-(

I guess OPERATOR 'is' the failsafe VM userid -- and by rights should have
this ability for recovery.  But I wouldn't want my typical VM operator doing
these kinds of things.  I guess an audit trail will have to suffice.

Scott

On Tue, May 12, 2009 at 2:59 PM, Schuh, Richard rsc...@visa.com wrote:

  According to the help file, The user must be the primary system operator
 or the user's OPTION directory statement must include the DEVMAINT option.
 Does this not indicate that OPERATOR does not need DEVMAINT?


 Regards,
 Richard Schuh




  --
 *From:* The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] *On
 Behalf Of *Scott Rohling
 *Sent:* Tuesday, May 12, 2009 1:52 PM
 *To:* IBMVM@LISTSERV.UARK.EDU
 *Subject:* Re: Oops and finding passwords on a system...

 I understand your premise, but respectfully disagree.   We're not going to
 increase the security of z/VM by not discussing ways to do things when
 necessary.   The mirror question to yours is:  'How do I prevent a z/VM
 system from being hacked?'.  The answer lies in things like:

 -  Run an ESM (may I suggest RACF?)
 -  Don't hand out OPTION DEVMAINT indiscriminately (as in this case -- does
 OPERATOR actually have it?  YIKES!!)

 Any of the methods being discussed can only be done by a user with
 sufficient privilege to do so.   None of this is secret stuff, nor should it
 be.

 Scott

 On Tue, May 12, 2009 at 2:29 PM, Mark Wheeler mwheele...@hotmail.com wrote:

 Greetings all,

 These are the kind of questions I really hate to see, because many of us
 know the answer (or multiple answers) and want to help. Actually, it's those
 answers that I hate to see, because, to paraphrase, the root question is
 basically How do I hack into a z/VM system? Posting the answers to the
 list doesn't seem prudent, whereas a private response to Bob (you really are
 Bob, right?) would be more appropriate. It helps Bob, who we all know and
 love, solve his problem but doesn't compromise the integrity of everyone
 else's systems.

 Respectfully,

 Mark Wheeler

 http://www.linkedin.com/in/marklwheeler

 --
 Date: Tue, 12 May 2009 14:36:19 -0500
 From: nix.rob...@mayo.edu
 Subject: Oops and finding passwords on a system...
 To: IBMVM@LISTSERV.UARK.EDU

  I didn’t log in for awhile and, due to advancing age (actually a year
 older tomorrow too), I’ve forgotten what I made the MAINT password. And,
 since this was also the main password used for almost all the service
 machines, I don’t have any other locations to log into that would help me. I
 know; stupid. :(

 Could someone with a zVM 540 system please tell me the starting cylinder
 of the DIRMAINT 1DB minidisk? I don’t think we had any reason to relocate
 it, so, I think, with that and a DEFINE MINIDISK command from OPERATOR (my
 one working userid) I can get the password I need to regain control and save
 some face (other than here, since I’ve confessed to you all).

 Thanks to one and all for keeping this as quiet as possible.

 --
 Robert P. Nix  Mayo Foundation.~.
 RO-OE-5-55 200 First Street SW/V\
 507-284-0844   Rochester, MN 55905  /( )\
 -^^-^^
 In theory, theory and practice are the same, but
  in practice, theory and practice are different.







Re: Oops and finding passwords on a system...

2009-05-12 Thread Mike Walter
From the original z/VM 5.4.0 USER DIRECT 
(and yes, the password is exposed - anyone going into production with an 
IBM-distributed password *should* be in triple-trouble!):
---snip---
USER OPERATOR OPERATOR 32M 32M ABCDEFG 
 INCLUDE IBMDFLT 
 AUTOLOG AUTOLOG1 OP1 MAINT 
 ACCOUNT 2 OPERATOR 
 MACH ESA 
 OPTION MAINTCCW 
 IPL 190 
 LINK OP1   191 192 RR 
 MDISK 191 3390 3301 005 VSR54I  MR READ WRITE MULTIPLE 
---snip---
(We save the original MAINT 02CC as MAINT D2CC (Distributed 2CC) as soon 
as the installation is complete.  Lets us go back later to understand.)
 
The INCLUDE IBMDFLT does not (and had better not) include OPTION 
DEVMAINT.

Could there perhaps be some confusion between DEVMAINT and MAINTCCW?

Mike Walter
Hewitt Associates



Scott Rohling scott.rohl...@gmail.com 

Sent by: The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU
05/12/2009 04:04 PM
Please respond to
The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU



To
IBMVM@LISTSERV.UARK.EDU
cc

Subject
Re: Oops and finding passwords on a system...






Wow ..  open mouth, insert foot ... it does imply OPERATOR has it by 
default - and here I am saying it's a security violation.   This is just 
not my day :-(  

I guess OPERATOR 'is' the failsafe VM userid -- and by rights should have 
this ability for recovery.  But I wouldn't want my typical VM operator 
doing these kinds of things.  I guess an audit trail will have to suffice. 


Scott

On Tue, May 12, 2009 at 2:59 PM, Schuh, Richard rsc...@visa.com wrote:
According to the help file, The user must be the primary system operator 
or the user's OPTION directory statement must include the DEVMAINT 
option. Does this not indicate that OPERATOR does not need DEVMAINT?
 
Regards, 
Richard Schuh 
 
 

From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On 
Behalf Of Scott Rohling
Sent: Tuesday, May 12, 2009 1:52 PM

To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Oops and finding passwords on a system...

I understand your premise, but respectfully disagree.   We're not going to 
increase the security of z/VM by not discussing ways to do things when 
necessary.   The mirror question to yours is:  'How do I prevent a z/VM 
system from being hacked?'.  The answer lies in things like:

-  Run an ESM (may I suggest RACF?)
-  Don't hand out OPTION DEVMAINT indiscriminately (as in this case -- 
does OPERATOR actually have it?  YIKES!!)

Any of the methods being discussed can only be done by a user with 
sufficient privilege to do so.   None of this is secret stuff, nor should 
it be.

Scott

On Tue, May 12, 2009 at 2:29 PM, Mark Wheeler mwheele...@hotmail.com 
wrote:
Greetings all,
 
These are the kind of questions I really hate to see, because many of us 
know the answer (or multiple answers) and want to help. Actually, it's 
those answers that I hate to see, because, to paraphrase, the root 
question is basically How do I hack into a z/VM system? Posting the 
answers to the list doesn't seem prudent, whereas a private response to 
Bob (you really are Bob, right?) would be more appropriate. It helps Bob, 
who we all know and love, solve his problem but doesn't compromise the 
integrity of everyone else's systems.
 
Respectfully,
 
Mark Wheeler
 
http://www.linkedin.com/in/marklwheeler 
 
Date: Tue, 12 May 2009 14:36:19 -0500
From: nix.rob...@mayo.edu
Subject: Oops and finding passwords on a system... 

To: IBMVM@LISTSERV.UARK.EDU

I didn't log in for awhile and, due to advancing age (actually a year 
older tomorrow too), I've forgotten what I made the MAINT password. And, 
since this was also the main password used for almost all the service 
machines, I don't have any other locations to log into that would help me. 
I know; stupid. :(

Could someone with a zVM 540 system please tell me the starting cylinder 
of the DIRMAINT 1DB minidisk? I don't think we had any reason to relocate 
it, so, I think, with that and a DEFINE MINIDISK command from OPERATOR (my 
one working userid) I can get the password I need to regain control and 
save some face (other than here, since I've confessed to you all).

Thanks to one and all for keeping this as quiet as possible.

-- 
Robert P. Nix  Mayo Foundation.~. 
RO-OE-5-55 200 First Street SW/V\ 
507-284-0844   Rochester, MN 55905  /( )\   
-^^-^^  
In theory, theory and practice are the same, but
 in practice, theory and practice are different. 








The information contained in this e-mail and any accompanying documents may 
contain information that is confidential or otherwise protected from 
disclosure. If you are not the intended recipient of this message, or if this 
message has been addressed to you in error, please immediately alert the sender 
by reply e-mail and then delete this message, including any attachments. Any 
dissemination, distribution or other
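
The exposures raised in this thread (clear-text logon passwords in USER DIRECT, a password left equal to the userid, OPTION DEVMAINT arriving directly or through an INCLUDEd profile, and clear-text MDISK passwords) can be checked mechanically against the directory source. The following is an added example, not code from any poster or from IBM; the sample directory is constructed, and the ADMPROF profile, the SYSPROG1 and SVCMACH users and every password in it are hypothetical.

```python
"""Audit a z/VM user directory source file for the exposures discussed in the thread."""

# Constructed sample modelled on the OPERATOR entry quoted in the thread.
# ADMPROF, SYSPROG1, SVCMACH and all passwords are made up for illustration.
SAMPLE_DIRECTORY = """\
PROFILE IBMDFLT
 SPOOL 000C 2540 READER *
 CONSOLE 009 3215 T
PROFILE ADMPROF
 OPTION DEVMAINT
* comment lines start with an asterisk and are skipped
USER OPERATOR OPERATOR 32M 32M ABCDEFG
 INCLUDE IBMDFLT
 OPTION MAINTCCW
 MDISK 191 3390 3301 005 VSR54I MR READ WRITE MULTIPLE
USER SYSPROG1 X7QPL2ZA 64M 64M BG
 INCLUDE ADMPROF
USER SVCMACH AUTOONLY 32M 32M G
 INCLUDE IBMDFLT
 MDISK 191 3390 0100 010 USRVOL MR
"""

# Values of the USER password field that are keywords, not a clear-text password.
NON_PASSWORD_KEYWORDS = {"NOLOG", "NOPASS", "AUTOONLY", "LBYONLY"}


def parse_directory(text):
    """Return (profiles, users); each maps a name to its parsed statements."""
    profiles, users = {}, {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):
            continue
        tokens = line.upper().split()
        keyword, args = tokens[0], tokens[1:]
        if keyword in ("USER", "PROFILE") and args:
            password = args[1] if keyword == "USER" and len(args) > 1 else None
            current = {"password": password, "options": set(),
                       "includes": [], "mdisks": []}
            (users if keyword == "USER" else profiles)[args[0]] = current
        elif current is None:
            continue  # statements before the first USER/PROFILE are ignored
        elif keyword == "OPTION":
            current["options"].update(args)
        elif keyword == "INCLUDE" and args:
            current["includes"].append(args[0])
        elif keyword == "MDISK" and len(args) >= 6:
            # MDISK vdev devtype start count volser mode [read [write [multi]]]
            current["mdisks"].append({"vdev": args[0], "passwords": args[6:9]})
    return profiles, users


def audit(text):
    """Return {userid: [finding, ...]} for every USER entry in the directory."""
    profiles, users = parse_directory(text)
    report = {}
    for userid, entry in users.items():
        findings = []
        password = entry["password"]
        if password and password not in NON_PASSWORD_KEYWORDS:
            findings.append("clear-text logon password in directory")
            if password == userid:
                findings.append("password equals userid")
        # OPTION operands can be set on the entry or inherited via INCLUDE.
        sources = [("own entry", entry["options"])]
        for name in entry["includes"]:
            inherited = profiles.get(name, {}).get("options", set())
            sources.append(("profile " + name, inherited))
        for source, options in sources:
            if "DEVMAINT" in options:
                findings.append("OPTION DEVMAINT via " + source)
        for disk in entry["mdisks"]:
            if disk["passwords"]:
                findings.append("MDISK %s has %d clear-text access password(s)"
                                % (disk["vdev"], len(disk["passwords"])))
        report[userid] = findings
    return report


if __name__ == "__main__":
    for userid, findings in audit(SAMPLE_DIRECTORY).items():
        for finding in findings:
            print(userid + ": " + finding)
```

A directory audit of this kind does not cover the case quoted from the help file, where the primary system operator can use DEFINE MDISK without DEVMAINT in its directory entry; that case depends on who holds the operator console.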

Re: Oops and finding passwords on a system...

2009-05-12 Thread Rich Greenberg
On: Tue, May 12, 2009 at 01:59:40PM -0700,Schuh, Richard Wrote:

} According to the help file, The user must be the primary system operator or 
the user's OPTION directory statement must include the DEVMAINT option. Does 
this not indicate that OPERATOR does not need DEVMAINT?

There are many cases, some intended, some accidental where OPERATOR is
not the primary system operator.

-- 
Rich Greenberg  N Ft Myers, FL, USA richgr atsign panix.com  + 1 239 543 1353
Eastern time.  N6LRT  I speak for myself  my dogs only.VM'er since CP-67
Canines:Val, Red, Shasta  Casey (RIP), Red  Zero, Siberians  Owner:Chinook-L
Retired at the beach Asst Owner:Sibernet-L


Re: Oops and finding passwords on a system...

2009-05-12 Thread Bob Bates
From the HELP file for DEFINE MDISK says the PRIMARY OPERATOR has it. Doesn't 
matter what's in the directory or what the userid is. If you are the primary 
operator, you've got the ability.  

Besides, AUTOLOG, SET SECUSER, and SEND can also be used to look at files on 
other users if you have the authority to do it. Want to keep the passwords 
under wraps, they best be encrypted. An inventive soul can find a way to get to 
clear text files if they have access to the right stuff. 


Bob Bates
Enterprise Hosting Services 

w. (469)892-6660
c. (214) 907-5071



Re: Oops and finding passwords on a system...

2009-05-12 Thread Mike Walter
And every human Operator needs class D privclass to handle SPOOL operations.  
Some report or data files can be transferred by an Operator to another userid, 
viewed there, and transferred back.

It makes me wonder how secret 3-letter US government agencies dealt with 
Operator, sysprog, and security admin issues.

Mike Walter
Hewitt Associates

(Sent from the wee keyboard on a Blackberry.)


- Original Message -
From: Bob Bates [robert.ba...@wellsfargo.com]
Sent: 05/12/2009 04:48 PM EST
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Oops and finding passwords on a system...



From the HELP file for DEFINE MDISK says the PRIMARY OPERATOR has it. Doesn't 
matter what's in the directory or what the userid is. If you are the primary 
operator, you've got the ability.

Besides, AUTOLOG, SET SECUSER, and SEND can also be used to look at files on 
other users if you have the authority to do it. Want to keep the passwords 
under wraps, they best be encrypted. An inventive soul can find a way to get to 
clear text files if they have access to the right stuff.


Bob Bates
Enterprise Hosting Services

w. (469)892-6660
c. (214) 907-5071







Re: Oops and finding passwords on a system...

2009-05-12 Thread Scott Rohling
Good question --   I know that RACF can be used to control command access --
but I'm not sure it would work on OPERATOR.

I can see the problem:   Given that the only accessible user is OPERATOR if
things fail at IPL (RACF doesn't come up, DASD isn't online, whatever) at
the real/HMC console - it needs the authority to do what needs doing to
bring up the system or restore what needs restoring.   physical/logical
Access to the operator console is security hole at that point.

Scott

On Tue, May 12, 2009 at 6:54 PM, Mike Walter mike.wal...@hewitt.com wrote:

 And every human Operator need class D privclass to handle SPOOL operations.
  Some report or data files can be transferred by an Operator to another
 userid, viewed there, and transferred back.

 It makes me wonder how secret 3-letter US government agencies dealt with
 Operator, sysprog, and security admin issues.

 Mike Walter
 Hewitt Associates

 (Sent from the wee keyboard on a Blackberry.)


 - Original Message -
 From: Bob Bates [robert.ba...@wellsfargo.com]
 Sent: 05/12/2009 04:48 PM EST
 To: IBMVM@LISTSERV.UARK.EDU
 Subject: Re: Oops and finding passwords on a system...



 From the HELP file for DEFINE MDISK says the PRIMARY OPERATOR has it.
 Doesn't matter what's in the directory or what the userid is. If you are the
 primary operator, you've got the ability.

 Besides, AUTOLOG, SET SECUSER, and SEND can also be used to look at files
 on other users if you have the authority to do it. Want to keep the
 passwords under wraps, they best be encrypted. An inventive soul can find a
 way to get to clear text files if they have access to the right stuff.


 Bob Bates
 Enterprise Hosting Services

 w. (469)892-6660
 c. (214) 907-5071








Re: Oops and finding passwords on a system...

2009-05-12 Thread David Kreuter
RACF really doesn't control access to a whole lot of commands. CP class overrides will help here. It will audit a whole bunch! But control, no, not really. Once on operator or sysoper id with secuser set to operator: SEND RACF SETRACF INACTIVE; response yes; now your system has fallen back to weak(er) cp passwords.

Some shops will not permit network access to the HMC, so now you need physical access to the HMC. OK, now you can get to SYSG by enabling the 3270 HMC iconic thingie and you know a valid ipl volume, but you are physically at the controls of the box. So you have passed through several get smart doors into the cold room and you are being recorded by a webcam ...

On an insecure note - sometimes I like to write the volume, start cylinder, # of cylinders of DIRMAINT 1DB in the comments of SALIPL - and it shows up on the SAPL screen. Bailed me out of a jam more than once.

Coming back to operator and RACF without knowing maint password using some of the stuff Bob mentioned:

from operator:
xautolog maint
set secuser maint *
send cp maint IPL something or other (190 or CMS) ...
send maint rac (change my password through one of the racf commands)...
logon maint
... have oodles of fun ...


 Original Message 
Subject: Re: [IBMVM] Oops and finding passwords on a system...
From: Scott Rohling scott.rohl...@gmail.com
Date: Tue, May 12, 2009 9:31 pm
To: IBMVM@LISTSERV.UARK.EDU

Good question -- I know that RACF can be used to control command access -- but I'm not sure it would work on OPERATOR.

I can see the problem: Given that the only accessible user is OPERATOR if things fail at IPL (RACF doesn't come up, DASD isn't online, whatever) at the real/HMC console - it needs the authority to do what needs doing to bring up the system or restore what needs restoring. physical/logical Access to the operator console is security hole at that point.

Scott

On Tue, May 12, 2009 at 6:54 PM, Mike Walter mike.wal...@hewitt.com wrote:

 And every human Operator need class D privclass to handle SPOOL operations. Some report or data files can be transferred by an Operator to another userid, viewed there, and transferred back.

 It makes me wonder how secret 3-letter US government agencies dealt with Operator, sysprog, and security admin issues.

 Mike Walter
 Hewitt Associates

 (Sent from the wee keyboard on a Blackberry.)

 - Original Message -
 From: "Bob Bates" [robert.ba...@wellsfargo.com]
 Sent: 05/12/2009 04:48 PM EST
 To: IBMVM@LISTSERV.UARK.EDU
 Subject: Re: Oops and finding passwords on a system...

 From the HELP file for DEFINE MDISK says the PRIMARY OPERATOR has it. Doesn't matter what's in the directory or what the userid is. If you are the primary operator, you've got the ability.

 Besides, AUTOLOG, SET SECUSER, and SEND can also be used to look at files on other users if you have the authority to do it. Want to keep the passwords under wraps, they best be encrypted. An inventive soul can find a way to get to clear text files if they have access to the right stuff.

 Bob Bates
 Enterprise Hosting Services

 w. (469)892-6660
 c. (214) 907-5071




oops, cics

2006-08-08 Thread lynn
bob shair wrote:
 That 360/40, serial number 2040-x0002, made two outstanding
 contributions to IBM.  After serving as the first 360 testbed for CP
 (CP/40), it went on to be the primary development machine for CICS!

ref:
http://www.garlic.com/~lynn/2006o.html#27 oops

the university i was at had a 360/67 (originally installed for tss/360)
... and with all the tss/360 problems started looking for other uses
(besides running it in 360/65 mode with os/360). the university
stumbled across cp/67 sometime in 1967 and had three people from the
science center
http://www.garlic.com/~lynn/subtopic.html#545tech

come out the last week in jan68 to install cp67. i got to play with
cp67   (as an undergraduate) in addition to supporting os/360.

part of that also led to us doing our own clone controller ... recent
topic drift on cloning
http://www.garlic.com/~lynn/aadsm25.htm#10 Crypto to defend chip IP:
snake oil or good idea?

above mentions the university cloning project ... and cloned
controllers also motivating FS project.

however, the university library also had an ONR grant and was selected
to be a CICS beta test site ... and i got roped into shooting some
number of early CICS bugs. misc. past post mentioning early CICS
(and/or BDAM)
http://www.garlic.com/~lynn/subtopic.html#bdam


Re: oops

2006-08-07 Thread Bob Shair

At 06:50 AM 8/7/2006, Jim Bohnsack wrote:
As a junior assistant probationary trainee IBM systems engineer in 
a Chicago branch office, I worked on a project that needed a lot of 
data center machine time.  I ran a benchmark for a custom at the IBM 
Des Plaines data center and used a 360/40 that had an unusual toggle 
switch on the front panel with the labeling on the switch being 
virtual/real.  It was a few years before I understood what that 
meant.  At that time, also, the downtown Chicago IBM data center had 
a 360/67 which I always used in 360/65 mode.

Jim


That 360/40, serial number 2040-x0002, made two outstanding 
contributions to IBM.  After serving as the first 360 testbed for CP 
(CP/40), it went on to be the primary development machine for CICS!



Bob Shair
Open Systems Consulting
Champaign, Illinois  


Re: oops

2006-08-07 Thread Jim Bohnsack
If I had known about that (CICS development), maybe I would have snipped a 
wire or two.  At that time, I was installing (separate project) a S/360/40 
at different IBM Chicago customer running FASTER, which was another, 
comparable online system that, I believe, was developed initially by the 
Kansas City police dept.  It lost out to CICS, which I think was developed 
originally by a utility company.

Jim

At 07:55 AM 8/7/2006, you wrote:



That 360/40, serial number 2040-x0002, made two outstanding
contributions to IBM.  After serving as the first 360 testbed for CP
(CP/40), it went on to be the primary development machine for CICS!


Bob Shair
Open Systems Consulting
Champaign, Illinois


Jim Bohnsack
Cornell Univ.
(607) 255-1760


Re: oops

2006-08-07 Thread Bob Shair

At 07:16 AM 8/7/2006, you wrote:
If I had known about that (CICS development), maybe I would have 
snipped a wire or two.  At that time, I was installing (separate 
project) a S/360/40 at different IBM Chicago customer running FASTER, 
which was another, comparable online system that, I believe, was 
developed initially by the Kansas City police dept.  It lost out to 
CICS, which I think was developed originally by a utility company.

Jim


Yes, CICS was a co-development with the Northern Indiana Public 
Service Company (NIPSCo).  I vaguely remember FASTER from ~1968.  Yet 
another one around this time was DUCS (the Display Unit Control 
System) which, IIRC, ran on DOS rather than on big OS like CICS.



Bob Shair
Open Systems Consulting
Champaign, Illinois  


Re: oops

2006-08-06 Thread Anne Lynn Wheeler
Phil Smith III wrote:
 Gabe reminds me that the 360 didn't run VM; I did use it, but it was
 the 370/158 with 2MB that I used to use VM on.

360/67 was the only (standard) 360 with virtual memory support. it had
both 24-bit and 32-bit virtual addressing options (you didn't see more
than 24-bit again until 370-xa with 3081). 360/67 multiprocessor also
had channel director ... which supported all processors accessing all
channels (standard 360 & 370 multiprocessors only provided for common
memory addressing ... the rest of the infrastructure, including
channels, were partitioned, specific to processors).

cp67 was developed by the science center
http://www.garlic.com/~lynn/subtopic.html#545tech

... supporting virtual machines and virtual memory. cp67 was released to
customers. there had been an earlier cp40 developed on a custom modified
360/40 with virtual memory ... pending availability of a 360/67.

there was joint project between cambridge and endicott to add a lot of
370 stuff to cp67 kernel ... this was discussed recently in the series
of posts on sequence numbers and cms multi-level source maintenance
... which mostly evolved out of the cp67 cambridge/endicott 370 effort
(*CMS* originally stood for the cambridge monitor system, but morphed to
conversational monitor system for vm370)

modified version of cp67 ran internally extensively on 370s ... pending
availability of vm370. also CCWTRANS (supporting virtual memory ccws
translated to shadow real CCWs) was used in initial prototype of os/vs2
(i.e. mvt hacked to directly support 370 virtual memory).

gobs of posts just this year mentioning cp/67
http://www.garlic.com/~lynn/2006.html#5 Page fault question (zero-filling)
http://www.garlic.com/~lynn/2006.html#7 EREP , sense ... manual
http://www.garlic.com/~lynn/2006.html#10 How to restore VMFPLC dumped
files on z/VM V5.1
http://www.garlic.com/~lynn/2006.html#13 VM maclib reference
http://www.garlic.com/~lynn/2006.html#17 {SPAM?} DCSS as SWAP disk for
z/Linux
http://www.garlic.com/~lynn/2006.html#19 DCSS as SWAP disk for z/Linux
http://www.garlic.com/~lynn/2006.html#25 DCSS as SWAP disk for z/Linux
http://www.garlic.com/~lynn/2006.html#38 Is VIO mandatory?
http://www.garlic.com/~lynn/2006.html#40 All Good Things
http://www.garlic.com/~lynn/2006b.html#7 Mount a tape
http://www.garlic.com/~lynn/2006b.html#8 Free to good home: IBM RT UNIX
http://www.garlic.com/~lynn/2006b.html#15 {SPAM?} Re: Expanded Storage
http://www.garlic.com/~lynn/2006b.html#16 {SPAM?} Re: Expanded Storage
http://www.garlic.com/~lynn/2006b.html#23 Seeking Info on XDS Sigma 7 APL
http://www.garlic.com/~lynn/2006b.html#25 Multiple address spaces
http://www.garlic.com/~lynn/2006b.html#32 Multiple address spaces
http://www.garlic.com/~lynn/2006b.html#39 another blast from the past
http://www.garlic.com/~lynn/2006b.html#40 another blast from the past ... VAMPS
http://www.garlic.com/~lynn/2006c.html#2 Multiple address spaces
http://www.garlic.com/~lynn/2006c.html#18 Change in computers as a hobbiest
http://www.garlic.com/~lynn/2006c.html#21 Military Time?
http://www.garlic.com/~lynn/2006c.html#22 Military Time?
http://www.garlic.com/~lynn/2006c.html#28 Mount DASD as read-only
http://www.garlic.com/~lynn/2006c.html#45 IBM 610 workstation computer
http://www.garlic.com/~lynn/2006d.html#0 IBM 610 workstation computer
http://www.garlic.com/~lynn/2006d.html#18 IBM 610 workstation computer
http://www.garlic.com/~lynn/2006d.html#21 IBM 610 workstation computer
http://www.garlic.com/~lynn/2006d.html#35 Fw: Tax chooses dead language - Austalia
http://www.garlic.com/~lynn/2006e.html#7 About TLB in lower-level caches
http://www.garlic.com/~lynn/2006e.html#28 MCTS
http://www.garlic.com/~lynn/2006e.html#40 transputers again was: The demise of Commodore
http://www.garlic.com/~lynn/2006e.html#45 using 3390 mod-9s
http://www.garlic.com/~lynn/2006f.html#0 using 3390 mod-9s
http://www.garlic.com/~lynn/2006f.html#1 using 3390 mod-9s
http://www.garlic.com/~lynn/2006f.html#5 3380-3390 Conversion - DISAPPOINTMENT
http://www.garlic.com/~lynn/2006f.html#21 Over my head in a JES exit
http://www.garlic.com/~lynn/2006g.html#1 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#3 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#18 TOD Clock the same as the BIOS clock in PCs?
http://www.garlic.com/~lynn/2006g.html#58 REP cards
http://www.garlic.com/~lynn/2006h.html#7 The Pankian Metaphor
http://www.garlic.com/~lynn/2006h.html#20 Binder REP Cards (Was: What's the linkage editor really wants?)
http://www.garlic.com/~lynn/2006h.html#22 The Pankian Metaphor
http://www.garlic.com/~lynn/2006h.html#30 The Pankian Metaphor
http://www.garlic.com/~lynn/2006h.html#55 History of first use of all-computerized typesetting?
http://www.garlic.com/~lynn/2006h.html#57 PDS Directory Question
http://www.garlic.com/~lynn/2006i.html#4 Mainframe vs. xSeries
http://www.garlic.com/~lynn/2006i.html#9 Hadware Support for Protection Bits: what does it really mean?

Oops...

2006-08-05 Thread Phil Smith III
Gabe reminds me that the 360 didn't run VM; I did use it, but it was the 
370/158 with 2MB that I used to use VM on.

Senility...it's not just a river in Africa...

...phsiii


Oops

2006-06-12 Thread Reuscher, Robert A [IT]

Sorry, ignore that previous message from me about being unavailable, replied to the wrong email.