Cross Posting to IBMMAIN and RACF
After reading Walt Farrell's response
The passwords are, in fact, not stored at all. (There is one exception, the
password enveloping function, but that's a different discussion than this
one.) RACF encrypts the user ID using the password as the key, and
W dniu 2013-08-18 06:50, Paul Gilmartin pisze:
On Sat, 17 Aug 2013 12:54:41 -0500, Walt Farrell wrote:
RACF encrypts the user ID using the password as the key, and stores the
encrypted user ID. The password itself is not saved, in any form.
What happens when the user ID changes?
It won't
First, what version of z/OS are you running?
And another thought
I have not touched RACF directly in many years, so this may be old. Make sure
that your GLOBAL rules don't undercut your other rules improperly. Smart
auditors look at the DSMON report to see if your sensitive datasets are
Lets be specific here.
On Aug 17, 2013, at 12:30 PM, Skip Robinson jo.skip.robin...@sce.com wrote:
This exposure has been known--and discussed publicly--for several years.
It is NOT true that 'passwords are not stored'. If they weren't 'stored'
at all, then how could RACF validate the
In 791e2a3e-e500-46bd-98a9-02f34c650...@gmail.com, on 08/18/2013
at 08:48 AM, Louis Losee llo...@gmail.com said:
It is typically a difficult task to get a list of user ids without
read access to the RACF database.
It's easy to approximate.
--
Shmuel (Seymour J.) Metz, SysProg and JOAT
In 520f48c1.1010...@bremultibank.com.pl, on 08/17/2013
at 11:56 AM, R.S. r.skoru...@bremultibank.com.pl said:
Everyone with computer and the db
Presumably the point is that you *don't* have access to his RACF DB.
--
Shmuel (Seymour J.) Metz, SysProg and JOAT
Atid/2
No Longer 'Old School'
IBM System z Academic Initiative partners with industry, universities,
professionals and students
http://tinyurl.com/kmrn5kj
http://www.destinationz.org/Academia/Articles/IBM-System-z-Academic-Initiative-partners-with-ind.aspx
--
Gabriel Goldberg, Computers and
Michael, for any KSDS, whether catalog or not, CA reclaim is never used for
those with IMBED.
So, you simply forget those with IMBED unless you can remove that in order to
get CA reclaim benefit.
Mike Wood
--
For IBM-MAIN
Skip,
There was an method posted many years ago that used a lexicon of common
words, and passwords, to encrypt a UID and match it to the value stored in
RACF. Is this what you are referring to?
The OP of that post mentioned this as an auditing tool, but I recall a
lengthy and robust discussion
Paul,
A
B
Just omit the duplicates, but keep the 1st one...
Ron
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU]
On Behalf Of Paul Gilmartin
Sent: Thursday, August 15, 2013 7:34 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: [IBM-MAIN]
On Sun, 18 Aug 2013 15:48:17 -0700, Ron Hawkins wrote:
A
B
Just omit the duplicates, but keep the 1st one...
On Thu, 15 Aug 2013 17:24:43 +0300, Itschak Mugzach wrote:
Or sort with omit duplicates...
Sorting would seem to be counterproductive when comparing files.
Two files which differ
Gil,
I agree with you.
However, you may be replying to the wrong post.
I was simply commenting on what I know as normal behavior when a sorting
utility deletes duplicate keys or records.
Ron
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU]
12 matches
Mail list logo