Re: Oops and finding passwords on a system...
On Tuesday, 05/12/2009 at 04:34 EDT, Mark Wheeler wrote:
> These are the kind of questions I really hate to see, because many of us know
> the answer (or multiple answers) and want to help. Actually, it's those answers
> that I hate to see, because, to paraphrase, the root question is basically "How
> do I hack into a z/VM system?" Posting the answers to the list doesn't seem
> prudent, whereas a private response to Bob (you really are Bob, right?) would
> be more appropriate. It helps Bob, who we all know and love, solve his problem
> but doesn't compromise the integrity of everyone else's systems.

No answer given on this list will compromise a z/VM system that meets even the most rudimentary security policy:

o All vendor-provided default passwords (USER and MDISK, in this case) have been changed to non-trivial values
o All passwords must be stored in an encrypted form. On a secure system, it is IMPOSSIBLE to get a hold of ANY user's password in clear-text (it's an axiom in the word "secure".)

Bob's predicament also illustrated why LOGON BY is a Good Thing.

Alan Altmark
z/VM Development
IBM Endicott
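Added example (not part of any message in this thread, and not IBM code): one way to check a source directory against the two policy points above and against the OPTION DEVMAINT advice given elsewhere in the thread, including DEVMAINT inherited through an INCLUDE profile. The sample directory, the SYSPROG profile, the TESTER user, all passwords and the finding labels are constructed; only MDISK statements in the start-cylinder/size/volser form are examined.

```python
"""Audit a z/VM source directory excerpt for default passwords and DEVMAINT."""

# Values in the USER password field that are keywords, not passwords.
NO_PASSWORD_KEYWORDS = {"NOLOG", "AUTOONLY", "LBYONLY"}

# Constructed sample. The OPERATOR entry follows the statement layout quoted
# later in this thread; the other entries and every password are made up.
SAMPLE_DIRECTORY = """\
* constructed sample, not a real system
PROFILE IBMDFLT
  CONSOLE 009 3215 T
PROFILE SYSPROG
  OPTION DEVMAINT
USER OPERATOR OPERATOR 32M 32M ABCDEFG
  INCLUDE IBMDFLT
  OPTION MAINTCCW
  MDISK 191 3390 3301 005 VSR54I MR READ WRITE MULTIPLE
USER MAINT ZQ7KP2XA 128M 1000M ABCDEFG
  INCLUDE SYSPROG
  MDISK 191 3390 0100 020 VOL001 MR RD9KQ2 WR8MT4 MU7NL6
USER TESTER LBYONLY 32M 32M G
  INCLUDE SYSPROG
"""


def parse_directory(text):
    """Return (profiles, users); statements are stored as upper-cased token lists."""
    profiles, users = {}, {}
    current = None
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("*"):  # blank line or comment
            continue
        keyword = tokens[0].upper()
        if keyword == "PROFILE" and len(tokens) >= 2:
            current = profiles.setdefault(tokens[1].upper(), [])
        elif keyword == "USER" and len(tokens) >= 3:
            entry = {"password": tokens[2].upper(), "statements": []}
            users[tokens[1].upper()] = entry
            current = entry["statements"]
        elif current is not None:
            current.append([t.upper() for t in tokens])
    return profiles, users


def effective_statements(user, profiles):
    """Statements from INCLUDEd profiles followed by the user's own statements."""
    inherited = []
    for stmt in user["statements"]:
        if stmt[0] == "INCLUDE" and len(stmt) > 1:
            inherited.extend(profiles.get(stmt[1], []))
    return inherited + user["statements"]


def audit(text, default_values, devmaint_allowed):
    """Return (userid, finding) pairs.

    default_values: passwords the site treats as vendor defaults.
    devmaint_allowed: userids approved to hold OPTION DEVMAINT.
    """
    profiles, users = parse_directory(text)
    findings = []
    for userid, user in users.items():
        password = user["password"]
        if password not in NO_PASSWORD_KEYWORDS and (
            password == userid or password in default_values
        ):
            findings.append((userid, "default-logon-password"))
        for stmt in effective_statements(user, profiles):
            if stmt[0] == "OPTION" and "DEVMAINT" in stmt[1:]:
                if userid not in devmaint_allowed:
                    findings.append((userid, "devmaint-not-approved"))
            # MDISK vdev devtype start size volser mode [readpw writepw multipw]
            elif stmt[0] == "MDISK" and len(stmt) > 7 and stmt[3].isdigit():
                if any(pw in default_values for pw in stmt[7:10]):
                    findings.append((userid, "default-mdisk-password:" + stmt[1]))
    return findings


if __name__ == "__main__":
    for userid, finding in audit(
        SAMPLE_DIRECTORY,
        default_values={"READ", "WRITE", "MULTIPLE"},
        devmaint_allowed={"MAINT"},
    ):
        print(userid, finding)
```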
Re: Oops and finding passwords on a system...
By the way, the object directory is not stored encrypted.. Just some food for thought.

From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Scott Rohling
Sent: Wednesday, May 13, 2009 7:48 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Oops and finding passwords on a system...

1DB contains the 'monolithic' USER BACKUP which is easier to read/traverse than the clustered source directory on 1DF..

Scott

On Wed, May 13, 2009 at 6:42 AM, Ray Waters wrote:

Robert,

Wouldn't the DIRMAINT 1DF mdisk be the one you need? 1DB is the backup mdisk.

MDISK 01DF 3390 3075 018 540W02 MR
MDISK 01DB 3390 1421 009 540W02 MR

Ray Waters

From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of RPN01
Sent: Tuesday, May 12, 2009 2:36 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Oops and finding passwords on a system...

I didn't log in for awhile and, due to advancing age (actually a year older tomorrow too), I've forgotten what I made the MAINT password. And, since this was also the main password used for almost all the service machines, I don't have any other locations to log into that would help me. I know; stupid. :(

Could someone with a zVM 540 system please tell me the starting cylinder of the DIRMAINT 1DB minidisk? I don't think we had any reason to relocate it, so, I think, with that and a DEFINE MINIDISK command from OPERATOR (my one working userid) I can get the password I need to regain control and save some face (other than here, since I've confessed to you all).

Thanks to one and all for keeping this as quiet as possible.

--
Robert P. Nix Mayo Foundation .~.
RO-OE-5-55 200 First Street SW /V\
507-284-0844 Rochester, MN 55905 /( )\
-^^-^^
"In theory, theory and practice are the same, but
in practice, theory and practice are different."
Re: Oops and finding passwords on a system...
And unless you change the timings in its wakeup file the USER BACKUP on 1DF is created just after midnight and/or DIRM USER BACKUP dynamic command. Without changing time or using the command you always have a directory less than 24 hours old.

David

Original Message
Subject: Re: [IBMVM] Oops and finding passwords on a system...
From: Scott Rohling
Date: Wed, May 13, 2009 8:48 am
To: IBMVM@LISTSERV.UARK.EDU

1DB contains the 'monolithic' USER BACKUP which is easier to read/traverse than the clustered source directory on 1DF..

Scott

On Wed, May 13, 2009 at 6:42 AM, Ray Waters <ray.wat...@opensolutions.com> wrote:

Robert,

Wouldn’t the DIRMAINT 1DF mdisk be the one you need? 1DB is the backup mdisk.

MDISK 01DF 3390 3075 018 540W02 MR
MDISK 01DB 3390 1421 009 540W02 MR

Ray Waters

From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of RPN01
Sent: Tuesday, May 12, 2009 2:36 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Oops and finding passwords on a system...

I didn’t log in for awhile and, due to advancing age (actually a year older tomorrow too), I’ve forgotten what I made the MAINT password. And, since this was also the main password used for almost all the service machines, I don’t have any other locations to log into that would help me. I know; stupid. :(

Could someone with a zVM 540 system please tell me the starting cylinder of the DIRMAINT 1DB minidisk? I don’t think we had any reason to relocate it, so, I think, with that and a DEFINE MINIDISK command from OPERATOR (my one working userid) I can get the password I need to regain control and save some face (other than here, since I’ve confessed to you all).

Thanks to one and all for keeping this as quiet as possible.

--
Robert P. Nix Mayo Foundation .~.
RO-OE-5-55 200 First Street SW /V\
507-284-0844 Rochester, MN 55905 /( )\
- ^^-^^
"In theory, theory and practice are the same, but
in practice, theory and practice are different."
Re: Oops and finding passwords on a system...
1DB contains the 'monolithic' USER BACKUP which is easier to read/traverse than the clustered source directory on 1DF..

Scott

On Wed, May 13, 2009 at 6:42 AM, Ray Waters wrote:

> Robert,
>
> Wouldn’t the DIRMAINT 1DF mdisk be the one you need? 1DB is the backup
> mdisk.
>
> MDISK 01DF 3390 3075 018 540W02 MR
> MDISK 01DB 3390 1421 009 540W02 MR
>
> Ray Waters
> --
>
> *From:* The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] *On
> Behalf Of *RPN01
> *Sent:* Tuesday, May 12, 2009 2:36 PM
> *To:* IBMVM@LISTSERV.UARK.EDU
> *Subject:* Oops and finding passwords on a system...
>
> I didn’t log in for awhile and, due to advancing age (actually a year older
> tomorrow too), I’ve forgotten what I made the MAINT password. And, since
> this was also the main password used for almost all the service machines, I
> don’t have any other locations to log into that would help me. I know;
> stupid. :(
>
> Could someone with a zVM 540 system please tell me the starting cylinder of
> the DIRMAINT 1DB minidisk? I don’t think we had any reason to relocate it,
> so, I think, with that and a DEFINE MINIDISK command from OPERATOR (my one
> working userid) I can get the password I need to regain control and save
> some face (other than here, since I’ve confessed to you all).
>
> Thanks to one and all for keeping this as quiet as possible.
>
> --
> Robert P. Nix Mayo Foundation .~.
> RO-OE-5-55 200 First Street SW /V\
> 507-284-0844 Rochester, MN 55905 /( )\
> -^^-^^
> "In theory, theory and practice are the same, but
> in practice, theory and practice are different."
Re: Oops and finding passwords on a system...
Robert,

Wouldn't the DIRMAINT 1DF mdisk be the one you need? 1DB is the backup mdisk.

MDISK 01DF 3390 3075 018 540W02 MR
MDISK 01DB 3390 1421 009 540W02 MR

Ray Waters

From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of RPN01
Sent: Tuesday, May 12, 2009 2:36 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Oops and finding passwords on a system...

I didn't log in for awhile and, due to advancing age (actually a year older tomorrow too), I've forgotten what I made the MAINT password. And, since this was also the main password used for almost all the service machines, I don't have any other locations to log into that would help me. I know; stupid. :(

Could someone with a zVM 540 system please tell me the starting cylinder of the DIRMAINT 1DB minidisk? I don't think we had any reason to relocate it, so, I think, with that and a DEFINE MINIDISK command from OPERATOR (my one working userid) I can get the password I need to regain control and save some face (other than here, since I've confessed to you all).

Thanks to one and all for keeping this as quiet as possible.

--
Robert P. Nix Mayo Foundation .~.
RO-OE-5-55 200 First Street SW /V\
507-284-0844 Rochester, MN 55905 /( )\
-^^-^^
"In theory, theory and practice are the same, but
in practice, theory and practice are different."
Re: Oops and finding passwords on a system...
RACF really doesn't control access to a whole lot of commands. CP class overrides will help here. It will audit a whole bunch! But control, no, not really. Once on operator or sysoper id with secuser set to operator: SEND RACF SETRACF INACTIVE; response yes; now your system has fallen back to weak(er) cp passwords.

Some shops will not permit network access to the HMC, so now you need physical access to the HMC. OK, now you can get to SYSG by enabling the 3270 HMC iconic thingie and you know a valid ipl volume, but you are physically at the controls of the box. So you have passed through several get smart doors into the cold room and you are being recorded by a webcam ...

On an insecure note - sometimes I like to write the volume, start cylinder, # of cylinders of DIRMAINT 1DB in the comments of SALIPL - and it shows up on the SAPL screen. Bailed me out of a jam more than once.

Coming back to operator and RACF without knowing maint password using some of the stuff Bob mentioned:

from operator:
xautolog maint
set secuser maint *
send cp maint IPL something or other (190 or CMS) ...
send maint rac (change my password through one of the racf commands)...
logon maint
... have oodles of fun ...

Original Message
Subject: Re: [IBMVM] Oops and finding passwords on a system...
From: Scott Rohling
Date: Tue, May 12, 2009 9:31 pm
To: IBMVM@LISTSERV.UARK.EDU

Good question -- I know that RACF can be used to control command access -- but I'm not sure it would work on OPERATOR.

I can see the problem: Given that the only accessible user is OPERATOR if things fail at IPL (RACF doesn't come up, DASD isn't online, whatever) at the real/HMC console - it needs the authority to do what needs doing to bring up the system or restore what needs restoring. physical/logical Access to the operator console is a security hole at that point.

Scott

On Tue, May 12, 2009 at 6:54 PM, Mike Walter <mike.wal...@hewitt.com> wrote:

And every human Operator needs class D privclass to handle SPOOL operations. Some report or data files can be transferred by an Operator to another userid, viewed there, and transferred back.

It makes me wonder how secret 3-letter US government agencies dealt with Operator, sysprog, and security admin issues.

Mike Walter
Hewitt Associates

(Sent from the wee keyboard on a Blackberry.)

- Original Message -
From: "Bob Bates" [robert.ba...@wellsfargo.com]
Sent: 05/12/2009 04:48 PM EST
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Oops and finding passwords on a system...

From the HELP file for DEFINE MDISK says the PRIMARY OPERATOR has it. Doesn't matter what's in the directory or what the userid is. If you are the primary operator, you've got the ability.

Besides, AUTOLOG, SET SECUSER, and SEND can also be used to look at files on other users if you have the authority to do it. Want to keep the passwords under wraps, they best be encrypted. An inventive soul can find a way to get to clear text files if they have access to the right stuff.

Bob Bates
Enterprise Hosting Services
w. (469)892-6660
c. (214) 907-5071
Re: Oops and finding passwords on a system...
Good question -- I know that RACF can be used to control command access -- but I'm not sure it would work on OPERATOR.

I can see the problem: Given that the only accessible user is OPERATOR if things fail at IPL (RACF doesn't come up, DASD isn't online, whatever) at the real/HMC console - it needs the authority to do what needs doing to bring up the system or restore what needs restoring. physical/logical Access to the operator console is a security hole at that point.

Scott

On Tue, May 12, 2009 at 6:54 PM, Mike Walter wrote:

> And every human Operator needs class D privclass to handle SPOOL operations.
> Some report or data files can be transferred by an Operator to another
> userid, viewed there, and transferred back.
>
> It makes me wonder how secret 3-letter US government agencies dealt with
> Operator, sysprog, and security admin issues.
>
> Mike Walter
> Hewitt Associates
>
> (Sent from the wee keyboard on a Blackberry.)
>
> - Original Message -
> From: "Bob Bates" [robert.ba...@wellsfargo.com]
> Sent: 05/12/2009 04:48 PM EST
> To: IBMVM@LISTSERV.UARK.EDU
> Subject: Re: Oops and finding passwords on a system...
>
> From the HELP file for DEFINE MDISK says the PRIMARY OPERATOR has it.
> Doesn't matter what's in the directory or what the userid is. If you are the
> primary operator, you've got the ability.
>
> Besides, AUTOLOG, SET SECUSER, and SEND can also be used to look at files
> on other users if you have the authority to do it. Want to keep the
> passwords under wraps, they best be encrypted. An inventive soul can find a
> way to get to clear text files if they have access to the right stuff.
>
> Bob Bates
> Enterprise Hosting Services
>
> w. (469)892-6660
> c. (214) 907-5071
Re: Oops and finding passwords on a system...
And every human Operator needs class D privclass to handle SPOOL operations. Some report or data files can be transferred by an Operator to another userid, viewed there, and transferred back.

It makes me wonder how secret 3-letter US government agencies dealt with Operator, sysprog, and security admin issues.

Mike Walter
Hewitt Associates

(Sent from the wee keyboard on a Blackberry.)

- Original Message -
From: "Bob Bates" [robert.ba...@wellsfargo.com]
Sent: 05/12/2009 04:48 PM EST
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Oops and finding passwords on a system...

From the HELP file for DEFINE MDISK says the PRIMARY OPERATOR has it. Doesn't matter what's in the directory or what the userid is. If you are the primary operator, you've got the ability.

Besides, AUTOLOG, SET SECUSER, and SEND can also be used to look at files on other users if you have the authority to do it. Want to keep the passwords under wraps, they best be encrypted. An inventive soul can find a way to get to clear text files if they have access to the right stuff.

Bob Bates
Enterprise Hosting Services
w. (469)892-6660
c. (214) 907-5071
Re: Oops and finding passwords on a system...
From the HELP file for DEFINE MDISK says the PRIMARY OPERATOR has it. Doesn't matter what's in the directory or what the userid is. If you are the primary operator, you've got the ability.

Besides, AUTOLOG, SET SECUSER, and SEND can also be used to look at files on other users if you have the authority to do it. Want to keep the passwords under wraps, they best be encrypted. An inventive soul can find a way to get to clear text files if they have access to the right stuff.

Bob Bates
Enterprise Hosting Services
w. (469)892-6660
c. (214) 907-5071
Re: Oops and finding passwords on a system...
On: Tue, May 12, 2009 at 01:59:40PM -0700, Schuh, Richard Wrote:

} According to the help file, "The user must be the primary system operator or the user's OPTION directory statement must include the DEVMAINT option". Does this not indicate that OPERATOR does not need DEVMAINT?

There are many cases, some intended, some accidental where OPERATOR is not the primary system operator.

--
Rich Greenberg  N Ft Myers, FL, USA  richgr atsign panix.com  + 1 239 543 1353
Eastern time.  N6LRT  I speak for myself & my dogs only.  VM'er since CP-67
Canines: Val, Red, Shasta & Casey (RIP), Red & Zero, Siberians  Owner: Chinook-L
Retired at the beach  Asst Owner: Sibernet-L
Re: Oops and finding passwords on a system...
From the original z/VM 5.4.0 "USER DIRECT" (and yes, the password is exposed - anyone going into production with an IBM-distributed password *should* be in "triple-trouble"!):

--
USER OPERATOR OPERATOR 32M 32M ABCDEFG
 INCLUDE IBMDFLT
 AUTOLOG AUTOLOG1 OP1 MAINT
 ACCOUNT 2 OPERATOR
 MACH ESA
 OPTION MAINTCCW
 IPL 190
 LINK OP1 191 192 RR
 MDISK 191 3390 3301 005 VSR54I MR READ WRITE MULTIPLE
--

(We save the original MAINT 02CC as MAINT D2CC (Distributed 2CC) as soon as the installation is complete. Lets us go back later to understand.)

The "INCLUDE IBMDFLT" does not (and had better not) include "OPTION DEVMAINT".

Could there perhaps be some confusion between "DEVMAINT" and "MAINTCCW"?

Mike Walter
Hewitt Associates

"Scott Rohling"
Sent by: "The IBM z/VM Operating System"
05/12/2009 04:04 PM
Please respond to "The IBM z/VM Operating System"
To: IBMVM@LISTSERV.UARK.EDU
cc:
Subject: Re: Oops and finding passwords on a system...

Wow .. open mouth, insert foot ... it does imply OPERATOR has it by default - and here I am saying it's a security violation. This is just not my day :-(

I guess OPERATOR 'is' the failsafe VM userid -- and by rights should have this ability for recovery. But I wouldn't want my typical VM operator doing these kinds of things. I guess an audit trail will have to suffice.

Scott

On Tue, May 12, 2009 at 2:59 PM, Schuh, Richard wrote:

According to the help file, "The user must be the primary system operator or the user's OPTION directory statement must include the DEVMAINT option". Does this not indicate that OPERATOR does not need DEVMAINT?

Regards,
Richard Schuh

From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Scott Rohling
Sent: Tuesday, May 12, 2009 1:52 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Oops and finding passwords on a system...

I understand your premise, but respectfully disagree. We're not going to increase the security of z/VM by not discussing ways to do things when necessary. The mirror question to yours is: 'How do I prevent a z/VM system from being hacked?'. The answer lies in things like:

- Run an ESM (may I suggest RACF?)
- Don't hand out OPTION DEVMAINT indiscriminately (as in this case -- does OPERATOR actually have it? YIKES!!)

Any of the methods being discussed can only be done by a user with sufficient privilege to do so. None of this is secret stuff, nor should it be.

Scott

On Tue, May 12, 2009 at 2:29 PM, Mark Wheeler wrote:

Greetings all,

These are the kind of questions I really hate to see, because many of us know the answer (or multiple answers) and want to help. Actually, it's those answers that I hate to see, because, to paraphrase, the root question is basically "How do I hack into a z/VM system?" Posting the answers to the list doesn't seem prudent, whereas a private response to Bob (you really are Bob, right?) would be more appropriate. It helps Bob, who we all know and love, solve his problem but doesn't compromise the integrity of everyone else's systems.

Respectfully,

Mark Wheeler
http://www.linkedin.com/in/marklwheeler

Date: Tue, 12 May 2009 14:36:19 -0500
From: nix.rob...@mayo.edu
Subject: Oops and finding passwords on a system...
To: IBMVM@LISTSERV.UARK.EDU

I didn't log in for awhile and, due to advancing age (actually a year older tomorrow too), I've forgotten what I made the MAINT password. And, since this was also the main password used for almost all the service machines, I don't have any other locations to log into that would help me. I know; stupid. :(

Could someone with a zVM 540 system please tell me the starting cylinder of the DIRMAINT 1DB minidisk? I don't think we had any reason to relocate it, so, I think, with that and a DEFINE MINIDISK command from OPERATOR (my one working userid) I can get the password I need to regain control and save some face (other than here, since I've confessed to you all).

Thanks to one and all for keeping this as quiet as possible.

--
Robert P. Nix Mayo Foundation .~.
RO-OE-5-55 200 First Street SW /V\
507-284-0844 Rochester, MN 55905 /( )\
-^^-^^
"In theory, theory and practice are the same, but
in practice, theory and practice are different."
Re: Oops and finding passwords on a system...
Wow .. open mouth, insert foot ... it does imply OPERATOR has it by default - and here I am saying it's a security violation. This is just not my day :-(

I guess OPERATOR 'is' the failsafe VM userid -- and by rights should have this ability for recovery. But I wouldn't want my typical VM operator doing these kinds of things. I guess an audit trail will have to suffice.

Scott

On Tue, May 12, 2009 at 2:59 PM, Schuh, Richard wrote:

> According to the help file, "The user must be the primary system operator
> or the user's OPTION directory statement must include the DEVMAINT option".
> Does this not indicate that OPERATOR does not need DEVMAINT?
>
> Regards,
> Richard Schuh
>
> --
> *From:* The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] *On
> Behalf Of *Scott Rohling
> *Sent:* Tuesday, May 12, 2009 1:52 PM
> *To:* IBMVM@LISTSERV.UARK.EDU
> *Subject:* Re: Oops and finding passwords on a system...
>
> I understand your premise, but respectfully disagree. We're not going to
> increase the security of z/VM by not discussing ways to do things when
> necessary. The mirror question to yours is: 'How do I prevent a z/VM
> system from being hacked?'. The answer lies in things like:
>
> - Run an ESM (may I suggest RACF?)
> - Don't hand out OPTION DEVMAINT indiscriminately (as in this case -- does
> OPERATOR actually have it? YIKES!!)
>
> Any of the methods being discussed can only be done by a user with
> sufficient privilege to do so. None of this is secret stuff, nor should it
> be.
>
> Scott
>
> On Tue, May 12, 2009 at 2:29 PM, Mark Wheeler wrote:
>
>> Greetings all,
>>
>> These are the kind of questions I really hate to see, because many of us
>> know the answer (or multiple answers) and want to help. Actually, it's those
>> answers that I hate to see, because, to paraphrase, the root question is
>> basically "How do I hack into a z/VM system?" Posting the answers to the
>> list doesn't seem prudent, whereas a private response to Bob (you really are
>> Bob, right?) would be more appropriate. It helps Bob, who we all know and
>> love, solve his problem but doesn't compromise the integrity of everyone
>> else's systems.
>>
>> Respectfully,
>>
>> Mark Wheeler
>>
>> http://www.linkedin.com/in/marklwheeler
>>
>> --
>> Date: Tue, 12 May 2009 14:36:19 -0500
>> From: nix.rob...@mayo.edu
>> Subject: Oops and finding passwords on a system...
>> To: IBMVM@LISTSERV.UARK.EDU
>>
>> I didn’t log in for awhile and, due to advancing age (actually a year
>> older tomorrow too), I’ve forgotten what I made the MAINT password. And,
>> since this was also the main password used for almost all the service
>> machines, I don’t have any other locations to log into that would help me. I
>> know; stupid. :(
>>
>> Could someone with a zVM 540 system please tell me the starting cylinder
>> of the DIRMAINT 1DB minidisk? I don’t think we had any reason to relocate
>> it, so, I think, with that and a DEFINE MINIDISK command from OPERATOR (my
>> one working userid) I can get the password I need to regain control and save
>> some face (other than here, since I’ve confessed to you all).
>>
>> Thanks to one and all for keeping this as quiet as possible.
>>
>> --
>> Robert P. Nix Mayo Foundation .~.
>> RO-OE-5-55 200 First Street SW /V\
>> 507-284-0844 Rochester, MN 55905 /( )\
>> -^^-^^
>> "In theory, theory and practice are the same, but
>> in practice, theory and practice are different."
Re: Oops and finding passwords on a system...
There are other ways to passwords besides what has been discussed so far here..

From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Scott Rohling
Sent: Tuesday, May 12, 2009 4:00 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Oops and finding passwords on a system...

Absolutely this is a security risk! I would never give OPERATOR DEVMAINT ability - OPERATOR should have the ability to do particular things and query particular things -- but not things like see passwords or get the ability to get to anything they want (e.g. DEF MDISK). If I was an auditor - you'd be in big trouble, buddy ;-) And for not having an ESM maintain your passwords in an encrypted and unqueryable fashion -- double trouble..

Scott

On Tue, May 12, 2009 at 2:52 PM, RPN01 wrote:

eeded.

The evil question that comes to mind now is, could an auditor cite you because the operators effectively have access to all the passwords on the system via roughly four commands? Is this considered a security hole (though one that proved very useful today...)

--
Robert Nix -- Mayo Clinic
(shortened signature)
Re: Oops and finding passwords on a system...
Absolutely this is a security risk! I would never give OPERATOR DEVMAINT ability - OPERATOR should have the ability to do particular things and query particular things -- but not things like see passwords or get the ability to get to anything they want (e.g. DEF MDISK). If I was an auditor - you'd be in big trouble, buddy ;-) And for not having an ESM maintain your passwords in an encrypted and unqueryable fashion -- double trouble..

Scott

On Tue, May 12, 2009 at 2:52 PM, RPN01 wrote:

> eeded.
>
> The evil question that comes to mind now is, could an auditor cite you
> because the operators effectively have access to all the passwords on the
> system via roughly four commands? Is this considered a security hole
> (though
> one that proved very useful today...)
> --
> Robert Nix -- Mayo Clinic
> (shortened signature)
Re: Oops and finding passwords on a system...
According to the help file, "The user must be the primary system operator or the user's OPTION directory statement must include the DEVMAINT option". Does this not indicate that OPERATOR does not need DEVMAINT?

Regards,
Richard Schuh

From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Scott Rohling
Sent: Tuesday, May 12, 2009 1:52 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Oops and finding passwords on a system...

I understand your premise, but respectfully disagree. We're not going to increase the security of z/VM by not discussing ways to do things when necessary. The mirror question to yours is: 'How do I prevent a z/VM system from being hacked?'. The answer lies in things like:

- Run an ESM (may I suggest RACF?)
- Don't hand out OPTION DEVMAINT indiscriminately (as in this case -- does OPERATOR actually have it? YIKES!!)

Any of the methods being discussed can only be done by a user with sufficient privilege to do so. None of this is secret stuff, nor should it be.

Scott

On Tue, May 12, 2009 at 2:29 PM, Mark Wheeler <mwheele...@hotmail.com> wrote:

Greetings all,

These are the kind of questions I really hate to see, because many of us know the answer (or multiple answers) and want to help. Actually, it's those answers that I hate to see, because, to paraphrase, the root question is basically "How do I hack into a z/VM system?" Posting the answers to the list doesn't seem prudent, whereas a private response to Bob (you really are Bob, right?) would be more appropriate. It helps Bob, who we all know and love, solve his problem but doesn't compromise the integrity of everyone else's systems.

Respectfully,

Mark Wheeler
http://www.linkedin.com/in/marklwheeler

Date: Tue, 12 May 2009 14:36:19 -0500
From: nix.rob...@mayo.edu
Subject: Oops and finding passwords on a system...
To: IBMVM@LISTSERV.UARK.EDU

I didn't log in for awhile and, due to advancing age (actually a year older tomorrow too), I've forgotten what I made the MAINT password. And, since this was also the main password used for almost all the service machines, I don't have any other locations to log into that would help me. I know; stupid. :(

Could someone with a zVM 540 system please tell me the starting cylinder of the DIRMAINT 1DB minidisk? I don't think we had any reason to relocate it, so, I think, with that and a DEFINE MINIDISK command from OPERATOR (my one working userid) I can get the password I need to regain control and save some face (other than here, since I've confessed to you all).

Thanks to one and all for keeping this as quiet as possible.

--
Robert P. Nix          Mayo Foundation        .~.
RO-OE-5-55             200 First Street SW    /V\
507-284-0844           Rochester, MN 55905   /( )\
-                                            ^^-^^
"In theory, theory and practice are the same, but
in practice, theory and practice are different."
Re: Oops and finding passwords on a system...
Actually, OPERATOR has it by default, though I'm not sure why it needs it other than problems like this one.

--
Robert Nix -- Mayo Clinic

On 5/12/09 3:51 PM, "Scott Rohling" wrote:

> - Don't hand out OPTION DEVMAINT indiscriminately (as in this case -- does
> OPERATOR actually have it? YIKES!!)
Re: Oops and finding passwords on a system...
I'd say yes if I were an auditor. Encrypted PW requirements are usually something you find on your company's security policy, an ESM is a necessity on VM.

Marcy

-----Original Message-----
From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of RPN01
Sent: Tuesday, May 12, 2009 1:53 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: [IBMVM] Oops and finding passwords on a system...

Yes, I discovered this shortly after asking. I was able to do this from OPERATOR, and then use DEFINE MDISK to get access to the disk and see the USER BACKUP file to get the passwords I needed.

The evil question that comes to mind now is, could an auditor cite you because the operators effectively have access to all the passwords on the system via roughly four commands? Is this considered a security hole (though one that proved very useful today...)

--
Robert Nix -- Mayo Clinic
(shortened signature)

On 5/12/09 2:55 PM, "Marcy Cortes" wrote:

> Oops.
> Make that
>
> Q MDISK USER DIRMAINT 1DB LOC
>
> Marcy
>
> -----Original Message-----
> From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf
> Of Marcy Cortes
> Sent: Tuesday, May 12, 2009 12:54 PM
> To: IBMVM@LISTSERV.UARK.EDU
> Subject: Re: [IBMVM] Oops and finding passwords on a system...
>
> If he is logged on,
>
> Q MDISK USER DIRMAINT LOC
>
> Marcy
Re: Oops and finding passwords on a system...
Yes, I discovered this shortly after asking. I was able to do this from OPERATOR, and then use DEFINE MDISK to get access to the disk and see the USER BACKUP file to get the passwords I needed.

The evil question that comes to mind now is, could an auditor cite you because the operators effectively have access to all the passwords on the system via roughly four commands? Is this considered a security hole (though one that proved very useful today...)

--
Robert Nix -- Mayo Clinic
(shortened signature)

On 5/12/09 2:55 PM, "Marcy Cortes" wrote:

> Oops.
> Make that
>
> Q MDISK USER DIRMAINT 1DB LOC
>
> Marcy
>
> -----Original Message-----
> From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf
> Of Marcy Cortes
> Sent: Tuesday, May 12, 2009 12:54 PM
> To: IBMVM@LISTSERV.UARK.EDU
> Subject: Re: [IBMVM] Oops and finding passwords on a system...
>
> If he is logged on,
>
> Q MDISK USER DIRMAINT LOC
>
> Marcy
Re: Oops and finding passwords on a system...
I understand your premise, but respectfully disagree. We're not going to increase the security of z/VM by not discussing ways to do things when necessary. The mirror question to yours is: 'How do I prevent a z/VM system from being hacked?'. The answer lies in things like:

- Run an ESM (may I suggest RACF?)
- Don't hand out OPTION DEVMAINT indiscriminately (as in this case -- does OPERATOR actually have it? YIKES!!)

Any of the methods being discussed can only be done by a user with sufficient privilege to do so. None of this is secret stuff, nor should it be.

Scott

On Tue, May 12, 2009 at 2:29 PM, Mark Wheeler wrote:

> Greetings all,
>
> These are the kind of questions I really hate to see, because many of us
> know the answer (or multiple answers) and want to help. Actually, it's those
> answers that I hate to see, because, to paraphrase, the root question is
> basically "How do I hack into a z/VM system?" Posting the answers to the
> list doesn't seem prudent, whereas a private response to Bob (you really are
> Bob, right?) would be more appropriate. It helps Bob, who we all know and
> love, solve his problem but doesn't compromise the integrity of everyone
> else's systems.
>
> Respectfully,
>
> Mark Wheeler
>
> http://www.linkedin.com/in/marklwheeler
>
> --------------
> Date: Tue, 12 May 2009 14:36:19 -0500
> From: nix.rob...@mayo.edu
> Subject: Oops and finding passwords on a system...
> To: IBMVM@LISTSERV.UARK.EDU
>
> I didn’t log in for awhile and, due to advancing age (actually a year older
> tomorrow too), I’ve forgotten what I made the MAINT password. And, since
> this was also the main password used for almost all the service machines, I
> don’t have any other locations to log into that would help me. I know;
> stupid. :(
>
> Could someone with a zVM 540 system please tell me the starting cylinder of
> the DIRMAINT 1DB minidisk? I don’t think we had any reason to relocate it,
> so, I think, with that and a DEFINE MINIDISK command from OPERATOR (my one
> working userid) I can get the password I need to regain control and save
> some face (other than here, since I’ve confessed to you all).
>
> Thanks to one and all for keeping this as quiet as possible.
>
> --
> Robert P. Nix          Mayo Foundation        .~.
> RO-OE-5-55             200 First Street SW    /V\
> 507-284-0844           Rochester, MN 55905   /( )\
> -                                            ^^-^^
> "In theory, theory and practice are the same, but
> in practice, theory and practice are different."
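An added example (not from any poster in this thread): a Python audit of a source-directory extract for the conditions raised in the post above and elsewhere in the thread, namely OPTION DEVMAINT held directly or through an included PROFILE, clear-text logon and MDISK passwords, and one password shared across userids. The sample directory, its userids, volume labels and password values are constructed, and only the vdev/devtype/start/size/volser/mode MDISK form seen on this page is parsed.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# USER password-field keywords that are not clear-text passwords.
PASSWORD_KEYWORDS = {"NOLOG", "NOPASS", "AUTOONLY", "LBYONLY"}

# Constructed sample directory source (not taken from any real system).
SAMPLE_DIRECTORY = """\
* constructed example directory
PROFILE OPSPROF
  OPTION DEVMAINT
USER OPERATOR EXAMPLE1 32M 32M ABCDEFG
  INCLUDE OPSPROF
USER MAINT EXAMPLE2 128M 1000M ABCDEFG
  OPTION MAINTCCW DEVMAINT
  MDISK 0190 3390 0001 100 VOL001 MR RDPW1 WRPW1 MUPW1
USER DIRMAINT EXAMPLE2 32M 64M BDG
  MDISK 01DB 3390 0001 009 VOL002 MR
USER TCPIP EXAMPLE2 128M 256M ABG
USER LINUX01 LBYONLY 1G 2G G
  LOGONBY ALICE
USER OLDSVM NOLOG
"""


def parse_directory(text):
    """Return {name: entry} for every USER and PROFILE in the source text."""
    entries, current = {}, None
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("*"):
            continue  # blank line or comment
        verb = tokens[0].upper()
        if verb in ("USER", "PROFILE") and len(tokens) > 1:
            has_pw = verb == "USER" and len(tokens) > 2
            current = {
                "kind": verb,
                "password": tokens[2] if has_pw else None,
                "options": set(),
                "includes": [],
                "mdisk_pw": [],
            }
            entries[tokens[1].upper()] = current
        elif current is None:
            continue  # statement outside any entry
        elif verb == "OPTION":
            current["options"].update(t.upper() for t in tokens[1:])
        elif verb == "INCLUDE" and len(tokens) > 1:
            current["includes"].append(tokens[1].upper())
        elif verb == "MDISK" and len(tokens) > 7:
            # Anything after the mode field is a read/write/multi password.
            current["mdisk_pw"].append(tokens[1].upper())
    return entries


def audit(text):
    """Report risky entries by userid only; password values are never returned."""
    entries = parse_directory(text)
    key = os.urandom(16)  # per-run key: digests are useless outside this run
    by_digest = defaultdict(list)
    report = {"devmaint": [], "cleartext": [], "shared": [], "mdisk_passwords": []}
    for name, entry in sorted(entries.items()):
        if entry["kind"] != "USER":
            continue
        # Options apply whether set directly or inherited from a PROFILE.
        options = set(entry["options"])
        for profile in entry["includes"]:
            options |= entries.get(profile, {"options": set()})["options"]
        if "DEVMAINT" in options:
            report["devmaint"].append(name)
        password = entry["password"]
        if password and password.upper() not in PASSWORD_KEYWORDS:
            report["cleartext"].append(name)
            digest = hmac.new(key, password.upper().encode(), hashlib.sha256).digest()
            by_digest[digest].append(name)
        report["mdisk_passwords"] += [(name, vdev) for vdev in entry["mdisk_pw"]]
    report["shared"] = sorted(g for g in by_digest.values() if len(g) > 1)
    return report


if __name__ == "__main__":
    for finding, items in audit(SAMPLE_DIRECTORY).items():
        print(f"{finding}: {items}")
```
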
Re: Oops and finding passwords on a system...
A little bit of social engineering?

From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Mark Wheeler
Sent: Tuesday, May 12, 2009 3:30 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Oops and finding passwords on a system...

Greetings all,

These are the kind of questions I really hate to see, because many of us know the answer (or multiple answers) and want to help. Actually, it's those answers that I hate to see, because, to paraphrase, the root question is basically "How do I hack into a z/VM system?" Posting the answers to the list doesn't seem prudent, whereas a private response to Bob (you really are Bob, right?) would be more appropriate. It helps Bob, who we all know and love, solve his problem but doesn't compromise the integrity of everyone else's systems.

Respectfully,

Mark Wheeler
http://www.linkedin.com/in/marklwheeler

Date: Tue, 12 May 2009 14:36:19 -0500
From: nix.rob...@mayo.edu
Subject: Oops and finding passwords on a system...
To: IBMVM@LISTSERV.UARK.EDU

I didn't log in for awhile and, due to advancing age (actually a year older tomorrow too), I've forgotten what I made the MAINT password. And, since this was also the main password used for almost all the service machines, I don't have any other locations to log into that would help me. I know; stupid. :(

Could someone with a zVM 540 system please tell me the starting cylinder of the DIRMAINT 1DB minidisk? I don't think we had any reason to relocate it, so, I think, with that and a DEFINE MINIDISK command from OPERATOR (my one working userid) I can get the password I need to regain control and save some face (other than here, since I've confessed to you all).

Thanks to one and all for keeping this as quiet as possible.

--
Robert P. Nix          Mayo Foundation        .~.
RO-OE-5-55             200 First Street SW    /V\
507-284-0844           Rochester, MN 55905   /( )\
-                                            ^^-^^
"In theory, theory and practice are the same, but
in practice, theory and practice are different."
Re: Oops and finding passwords on a system...
Greetings all,

These are the kind of questions I really hate to see, because many of us know the answer (or multiple answers) and want to help. Actually, it's those answers that I hate to see, because, to paraphrase, the root question is basically "How do I hack into a z/VM system?" Posting the answers to the list doesn't seem prudent, whereas a private response to Bob (you really are Bob, right?) would be more appropriate. It helps Bob, who we all know and love, solve his problem but doesn't compromise the integrity of everyone else's systems.

Respectfully,

Mark Wheeler
http://www.linkedin.com/in/marklwheeler

Date: Tue, 12 May 2009 14:36:19 -0500
From: nix.rob...@mayo.edu
Subject: Oops and finding passwords on a system...
To: IBMVM@LISTSERV.UARK.EDU

I didn’t log in for awhile and, due to advancing age (actually a year older tomorrow too), I’ve forgotten what I made the MAINT password. And, since this was also the main password used for almost all the service machines, I don’t have any other locations to log into that would help me. I know; stupid. :(

Could someone with a zVM 540 system please tell me the starting cylinder of the DIRMAINT 1DB minidisk? I don’t think we had any reason to relocate it, so, I think, with that and a DEFINE MINIDISK command from OPERATOR (my one working userid) I can get the password I need to regain control and save some face (other than here, since I’ve confessed to you all).

Thanks to one and all for keeping this as quiet as possible.

--
Robert P. Nix          Mayo Foundation        .~.
RO-OE-5-55             200 First Street SW    /V\
507-284-0844           Rochester, MN 55905   /( )\
-                                            ^^-^^
"In theory, theory and practice are the same, but
in practice, theory and practice are different."
Re: Oops and finding passwords on a system...
Sweet! Thanks for that, Marcy .. that's a new one for me, we've apparently improved Q MDISK! (or I was just unblissfully ignorant)

Scott

On Tue, May 12, 2009 at 1:55 PM, Marcy Cortes wrote:

> Oops.
> Make that
>
> Q MDISK USER DIRMAINT 1DB LOC
>
> Marcy
Re: Oops and finding passwords on a system...
Mine is in the same location

Steve Mitchell
Sr Systems Software Specialist
Blue Cross Blue Shield of Kansas
(785) 291-8885
'There are no degrees of Honesty-you're either Honest or you're not!

From: Mark Pace
To: IBMVM@LISTSERV.UARK.EDU
Date: 05/12/2009 02:46 PM
Subject: Re: Oops and finding passwords on a system...

MDISK 01DB 3390 1421 009 540W02 MR

On Tue, May 12, 2009 at 3:36 PM, RPN01 wrote:

I didn’t log in for awhile and, due to advancing age (actually a year older tomorrow too), I’ve forgotten what I made the MAINT password. And, since this was also the main password used for almost all the service machines, I don’t have any other locations to log into that would help me. I know; stupid. :(

Could someone with a zVM 540 system please tell me the starting cylinder of the DIRMAINT 1DB minidisk? I don’t think we had any reason to relocate it, so, I think, with that and a DEFINE MINIDISK command from OPERATOR (my one working userid) I can get the password I need to regain control and save some face (other than here, since I’ve confessed to you all).

Thanks to one and all for keeping this as quiet as possible.

--
Robert P. Nix          Mayo Foundation        .~.
RO-OE-5-55             200 First Street SW    /V\
507-284-0844           Rochester, MN 55905   /( )\
-                                            ^^-^^
"In theory, theory and practice are the same, but
in practice, theory and practice are different."

--
Mark Pace
Mainline Information Systems
1700 Summit Lake Drive
Tallahassee, FL. 32317
Re: Oops and finding passwords on a system...
Oops.
Make that

Q MDISK USER DIRMAINT 1DB LOC

Marcy

-----Original Message-----
From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Marcy Cortes
Sent: Tuesday, May 12, 2009 12:54 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: [IBMVM] Oops and finding passwords on a system...

If he is logged on,

Q MDISK USER DIRMAINT LOC

Marcy
Re: Oops and finding passwords on a system...
If he is logged on,

Q MDISK USER DIRMAINT LOC

Marcy

From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of RPN01
Sent: Tuesday, May 12, 2009 12:36 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: [IBMVM] Oops and finding passwords on a system...

I didn't log in for awhile and, due to advancing age (actually a year older tomorrow too), I've forgotten what I made the MAINT password. And, since this was also the main password used for almost all the service machines, I don't have any other locations to log into that would help me. I know; stupid. :(

Could someone with a zVM 540 system please tell me the starting cylinder of the DIRMAINT 1DB minidisk? I don't think we had any reason to relocate it, so, I think, with that and a DEFINE MINIDISK command from OPERATOR (my one working userid) I can get the password I need to regain control and save some face (other than here, since I've confessed to you all).

Thanks to one and all for keeping this as quiet as possible.

--
Robert P. Nix          Mayo Foundation        .~.
RO-OE-5-55             200 First Street SW    /V\
507-284-0844           Rochester, MN 55905   /( )\
-                                            ^^-^^
"In theory, theory and practice are the same, but
in practice, theory and practice are different."
Re: Oops and finding passwords on a system...
Might be time to get the DIRENT package from the IBM VM downloads page:

http://www.vm.ibm.com/download/packages/descript.cgi?DIRENT

This reads the object directory so you don't need access to the source directory.. Not sure if this helps - but maybe..?

Scott

On Tue, May 12, 2009 at 1:46 PM, Mark Pace wrote:

> It would appear that the 1DB disk could be just about anywhere.
>
> On Tue, May 12, 2009 at 3:44 PM, Mark Pace wrote:
>
>> MDISK 01DB 3390 1421 009 540W02 MR
>>
>> On Tue, May 12, 2009 at 3:36 PM, RPN01 wrote:
>>
>>> I didn’t log in for awhile and, due to advancing age (actually a year
>>> older tomorrow too), I’ve forgotten what I made the MAINT password. And,
>>> since this was also the main password used for almost all the service
>>> machines, I don’t have any other locations to log into that would help me. I
>>> know; stupid. :(
>>>
>>> Could someone with a zVM 540 system please tell me the starting cylinder
>>> of the DIRMAINT 1DB minidisk? I don’t think we had any reason to relocate
>>> it, so, I think, with that and a DEFINE MINIDISK command from OPERATOR (my
>>> one working userid) I can get the password I need to regain control and save
>>> some face (other than here, since I’ve confessed to you all).
>>>
>>> Thanks to one and all for keeping this as quiet as possible.
>>>
>>> --
>>> Robert P. Nix          Mayo Foundation        .~.
>>> RO-OE-5-55             200 First Street SW    /V\
>>> 507-284-0844           Rochester, MN 55905   /( )\
>>> -                                            ^^-^^
>>> "In theory, theory and practice are the same, but
>>> in practice, theory and practice are different."
>>
>> --
>> Mark Pace
>> Mainline Information Systems
>> 1700 Summit Lake Drive
>> Tallahassee, FL. 32317
>
> --
> Mark Pace
> Mainline Information Systems
> 1700 Summit Lake Drive
> Tallahassee, FL. 32317
Re: Oops and finding passwords on a system...
It would appear that the 1DB disk could be just about anywhere.

On Tue, May 12, 2009 at 3:44 PM, Mark Pace wrote:

> MDISK 01DB 3390 1421 009 540W02 MR
>
> On Tue, May 12, 2009 at 3:36 PM, RPN01 wrote:
>
>> I didn’t log in for awhile and, due to advancing age (actually a year
>> older tomorrow too), I’ve forgotten what I made the MAINT password. And,
>> since this was also the main password used for almost all the service
>> machines, I don’t have any other locations to log into that would help me. I
>> know; stupid. :(
>>
>> Could someone with a zVM 540 system please tell me the starting cylinder
>> of the DIRMAINT 1DB minidisk? I don’t think we had any reason to relocate
>> it, so, I think, with that and a DEFINE MINIDISK command from OPERATOR (my
>> one working userid) I can get the password I need to regain control and save
>> some face (other than here, since I’ve confessed to you all).
>>
>> Thanks to one and all for keeping this as quiet as possible.
>>
>> --
>> Robert P. Nix          Mayo Foundation        .~.
>> RO-OE-5-55             200 First Street SW    /V\
>> 507-284-0844           Rochester, MN 55905   /( )\
>> -                                            ^^-^^
>> "In theory, theory and practice are the same, but
>> in practice, theory and practice are different."
>
> --
> Mark Pace
> Mainline Information Systems
> 1700 Summit Lake Drive
> Tallahassee, FL. 32317

--
Mark Pace
Mainline Information Systems
1700 Summit Lake Drive
Tallahassee, FL. 32317
Re: Oops and finding passwords on a system...
Happy Birthday!

While I don't have access at the moment to a 5.4 system -- the type of DASD you used (3390-3, 3390-9?) will be important for others to help... (I'll be trying to get to my 5.4 on 3390-9 with everything on 540RES in the meantime to help)

Scott

On Tue, May 12, 2009 at 1:36 PM, RPN01 wrote:

> I didn’t log in for awhile and, due to advancing age (actually a year
> older tomorrow too), I’ve forgotten what I made the MAINT password. And,
> since this was also the main password used for almost all the service
> machines, I don’t have any other locations to log into that would help me. I
> know; stupid. :(
>
> Could someone with a zVM 540 system please tell me the starting cylinder of
> the DIRMAINT 1DB minidisk? I don’t think we had any reason to relocate it,
> so, I think, with that and a DEFINE MINIDISK command from OPERATOR (my one
> working userid) I can get the password I need to regain control and save
> some face (other than here, since I’ve confessed to you all).
>
> Thanks to one and all for keeping this as quiet as possible.
>
> --
> Robert P. Nix          Mayo Foundation        .~.
> RO-OE-5-55             200 First Street SW    /V\
> 507-284-0844           Rochester, MN 55905   /( )\
> -                                            ^^-^^
> "In theory, theory and practice are the same, but
> in practice, theory and practice are different."
Re: Oops and finding passwords on a system...
MDISK 01DB 3390 1421 009 540W02 MR

On Tue, May 12, 2009 at 3:36 PM, RPN01 wrote:

> I didn’t log in for awhile and, due to advancing age (actually a year
> older tomorrow too), I’ve forgotten what I made the MAINT password. And,
> since this was also the main password used for almost all the service
> machines, I don’t have any other locations to log into that would help me. I
> know; stupid. :(
>
> Could someone with a zVM 540 system please tell me the starting cylinder of
> the DIRMAINT 1DB minidisk? I don’t think we had any reason to relocate it,
> so, I think, with that and a DEFINE MINIDISK command from OPERATOR (my one
> working userid) I can get the password I need to regain control and save
> some face (other than here, since I’ve confessed to you all).
>
> Thanks to one and all for keeping this as quiet as possible.
>
> --
> Robert P. Nix          Mayo Foundation        .~.
> RO-OE-5-55             200 First Street SW    /V\
> 507-284-0844           Rochester, MN 55905   /( )\
> -                                            ^^-^^
> "In theory, theory and practice are the same, but
> in practice, theory and practice are different."

--
Mark Pace
Mainline Information Systems
1700 Summit Lake Drive
Tallahassee, FL. 32317
Re: Oops and finding passwords on a system...
USER DIRMAINT
MDISK 0155 3390 0021 009 3HUS02 MR
MDISK 01AA 3390 3303 009 3HUS01 MR
MDISK 01DB 3390 0039 009 3HUS02 MR
MDISK 01DE 3390 0001 020 3HUS02 MR
MDISK 01DF 3390 0030 009 3HUS02 MR
MDISK 01FA 3390 3312 009 3HUS01 MR
MDISK 02AA 3390 3321 009 3HUS01 MR
MDISK 02DB 3390 0057 009 3HUS02 MR

I'm using 3390-3 DASD... are you?

On Tue, May 12, 2009 at 3:36 PM, RPN01 wrote:

> I didn’t log in for awhile and, due to advancing age (actually a year older
> tomorrow too), I’ve forgotten what I made the MAINT password. And, since
> this was also the main password used for almost all the service machines, I
> don’t have any other locations to log into that would help me. I know;
> stupid. :(
>
> Could someone with a zVM 540 system please tell me the starting cylinder of
> the DIRMAINT 1DB minidisk? I don’t think we had any reason to relocate it,
> so, I think, with that and a DEFINE MINIDISK command from OPERATOR (my one
> working userid) I can get the password I need to regain control and save
> some face (other than here, since I’ve confessed to you all).
>
> Thanks to one and all for keeping this as quiet as possible.
>
> --
> Robert P. Nix          Mayo Foundation        .~.
> RO-OE-5-55             200 First Street SW    /V\
> 507-284-0844           Rochester, MN 55905   /( )\
> -                                            ^^-^^
> "In theory, theory and practice are the same, but
> in practice, theory and practice are different."

--
Bruce Hayden
Linux on System z Advanced Technical Support
IBM, Endicott, NY
Re: Oops and finding passwords on a system...
MDISK 1DB 3390 2371 009 540W02 MR

Thank you,
Scott

From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of RPN01
Sent: Tuesday, May 12, 2009 2:36 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Oops and finding passwords on a system...

I didn't log in for awhile and, due to advancing age (actually a year older tomorrow too), I've forgotten what I made the MAINT password. And, since this was also the main password used for almost all the service machines, I don't have any other locations to log into that would help me. I know; stupid. :(

Could someone with a zVM 540 system please tell me the starting cylinder of the DIRMAINT 1DB minidisk? I don't think we had any reason to relocate it, so, I think, with that and a DEFINE MINIDISK command from OPERATOR (my one working userid) I can get the password I need to regain control and save some face (other than here, since I've confessed to you all).

Thanks to one and all for keeping this as quiet as possible.

--
Robert P. Nix          Mayo Foundation        .~.
RO-OE-5-55             200 First Street SW    /V\
507-284-0844           Rochester, MN 55905   /( )\
-                                            ^^-^^
"In theory, theory and practice are the same, but
in practice, theory and practice are different."
Oops and finding passwords on a system...
I didn't log in for awhile and, due to advancing age (actually a year older tomorrow too), I've forgotten what I made the MAINT password. And, since this was also the main password used for almost all the service machines, I don't have any other locations to log into that would help me. I know; stupid. :(

Could someone with a zVM 540 system please tell me the starting cylinder of the DIRMAINT 1DB minidisk? I don't think we had any reason to relocate it, so, I think, with that and a DEFINE MINIDISK command from OPERATOR (my one working userid) I can get the password I need to regain control and save some face (other than here, since I've confessed to you all).

Thanks to one and all for keeping this as quiet as possible.

--
Robert P. Nix          Mayo Foundation        .~.
RO-OE-5-55             200 First Street SW    /V\
507-284-0844           Rochester, MN 55905   /( )\
-                                            ^^-^^
"In theory, theory and practice are the same, but
in practice, theory and practice are different."