On Tue, 9 Oct 2007 15:36:48 -0500, Brian Nielsen [EMAIL PROTECTED]
wrote:
Maybe I'm just tired of having to make directory edits to remove default
passwords for the last 25 years (in releases going all the way back to
VM/370) and who knows how far into the future. I'm a big fan of fix it
Of [EMAIL PROTECTED]
Sent: Thursday, October 11, 2007 5:31 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Initial User Directory
I think it is a *very good* idea to keep a system - whether it's a
starter system or whatever - that does not have an ESM and is an
unmodified system, and isolated from
I would like it to go a step further, like with some linux installations
that ask for a root password and another userid to be added. I like
having ALL system related userids be AUTOONLY, LBYONLY, NOLOG or have a
randomly generated password. All userids that need to actually need to
be logged
On Tuesday, 10/09/2007 at 10:01 EDT, Thomas Kern [EMAIL PROTECTED]
wrote:
I would like it to go a step further, like with some linux installations
that ask for a root password and another userid to be added. I like
having ALL system related userids be AUTOONLY, LBYONLY, NOLOG or have a
No argument here. One of the most disliked chores of installing a new
z/VM is changing all of the default passwords.
Alan Altmark wrote:
On Tuesday, 10/09/2007 at 10:01 EDT, Thomas Kern [EMAIL PROTECTED]
wrote:
I would like it to go a step further, like with some linux installations
that ask
How about inserting a dialog that lets the installer determine which
category to put userids into? And to create an initial password for the
rest or to request a single random or individual random passwords?
But until this step of the install is complete (no directxa errors), the
system is
Understand that if we were to go this way, the Old School let
the customer decide wouldn't be there. So I would ask that
those who would object to such a change to speak up.
A couple of thoughts:
1) I don't view it as a big deal to change all the passwords
upon initial install. It
4) I don't think I like the idea of all system user id's being
AUTOONLY/LBYONLY/NOLOG. I think this should be a decision
that the person installing the system would make.
Ed Zell
Illinois Mutual Life
(309) 674-8255 x-107
.
Actually that's a decision the SOX auditors caused our
4) I don't think I like the idea of all system user id's being
AUTOONLY/LBYONLY/NOLOG. I think this should be a decision
that the person installing the system would make.
Actually that's a decision the SOX auditors caused our clients to
make, and I now follow.
Ron
That is
It seems I started a worthwhile discussion with my posting :-)
I would like to see the directory as secure as possible after having sat
in a 2 hour meeting (more of a grilling) with my IT auditors before I
received approval to move forward with z/VM to support virtualized Linux
servers. And
User Directory ( was: hacking vm/cms (probably old news))
I would like it to go a step further, like with some linux installations
that ask for a root password and another userid to be added. I like
having ALL system related userids be AUTOONLY, LBYONLY, NOLOG or have a
randomly generated
I think my auditors and cyber/network security folks would like to make
sure that I had to make a conscious effort to set the userids into
either an ENABLE or DISABLE state. They don't like default passwords. In
VM, we sort of have sub-categories for ENABLE, these being AUTOONLY,
LBYONLY or
You could add one question to the initial dialog:
Old School, or Paranoid? (O or P):
It'd be interesting to collect statistics, but I think that, in today's
market, paranoid would win out.
--
.~.Robert P. Nix Mayo Foundation
/V\RO-OE-5-55200 First
Isn't that a bit of an overkill for a starter system??
Not really. If you start with a fairly buttoned-up system, you know exactly
what holes you open because you do it deliberately (and it's completely your
fault if you screw it up). What Tom's described is a pretty tight system, and
it's
the match
was found.
-Original Message-
From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED]
Behalf Of RPN01
Sent: Tuesday, October 09, 2007 11:11 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Initial User Directory
You could add one question to the initial dialog:
Old School
@LISTSERV.UARK.EDU
Subject: Re: Initial User Directory
No argument here. One of the most disliked chores of installing a new
z/VM is changing all of the default passwords.
Message-
From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED]
Behalf Of Thomas Kern
Sent: Tuesday, October 09, 2007 12:09 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Initial User Directory ( was: hacking vm/cms (probably old
news))
unfortunately lots of new Linux-server VM systems
]*
Sent by: The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU
10/09/2007 10:00 AM
Please respond to
The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU
To
IBMVM@LISTSERV.UARK.EDU
cc
Subject
Initial User Directory ( was: hacking vm/cms (probably old news
[mailto:[EMAIL PROTECTED] On Behalf Of
David Boyes
Sent: Tuesday, October 09, 2007 9:23 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Initial User Directory ( was: hacking vm/cms (probably old news))
Isn't that a bit of an overkill for a starter system??
Not really. If you start with a fairly
ROOT is already in the directory for Open Extensions. Let's not mess
with a good thing.
When we're teaching classes invariably there are a good mix of Linux
people and mainframe (usually z/OS) people. Actually the last class
that I taught, the Linux people kept up quite well with the z/VM
Operating System IBMVM@LISTSERV.UARK.EDU
10/09/2007 01:20 PM
Please respond to
The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU
To
IBMVM@LISTSERV.UARK.EDU
cc
Subject
Re: Initial User Directory ( was: hacking vm/cms (probably old news))
I'm sorry, but if I have to learn LINUX I think
A full pack is allocated to each page and spool with Version 5.
Although that may not be enough for some (most) Linux implementations,
it's certainly better than the old defaults. :)
[EMAIL PROTECTED] wrote:
And the Starter System (Initial System) has very limited page and spool
space,
I'd like to see all but one delivered userid be NOLOG, AUTOONLY, or
LBYONLY and a LOGONBY statement in the directory PROFILE(s) of the LOGONB
Y
users. The LOGONBY statement(s) would all list the single userid (eg.
INSTALL) deliverd with a password. That INSTALL userid should get delete
d
I'd like to see all but one delivered userid be NOLOG, AUTOONLY, or
LBYONLY and a LOGONBY statement in the directory PROFILE(s) of the
LOGONBY
users. The LOGONBY statement(s) would all list the single userid (eg.
INSTALL) deliverd with a password. That INSTALL userid should get
deleted
A full pack is allocated to each page and spool with Version 5.
Although that may not be enough for some (most) Linux implementations,
it's certainly better than the old defaults. :)
Which got changed by exactly this kind of discussion...
User Directory
I'd like to see all but one delivered userid be NOLOG, AUTOONLY, or
LBYONLY and a LOGONBY statement in the directory PROFILE(s) of the LOGONBY
users. The LOGONBY statement(s) would all list the single userid (eg.
INSTALL) deliverd with a password. That INSTALL userid should
Once a year
-Original Message-
From: The IBM z/VM Operating System
[mailto:[EMAIL PROTECTED] On Behalf Of Huegel, Thomas
Sent: Tuesday, October 09, 2007 2:50 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Initial User Directory
a year
-Original Message-
*From:* The IBM z/VM Operating System
[mailto:[EMAIL PROTECTED] *On Behalf Of *Huegel, Thomas
*Sent:* Tuesday, October 09, 2007 2:50 PM
*To:* IBMVM@LISTSERV.UARK.EDU
*Subject:* Re: Initial User Directory
Why are we trying to fix
more work that is of very little, if any, benefit.
Regards,
Richard Schuh
-Original Message-
From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On
Behalf Of Brian Nielsen
Sent: Tuesday, October 09, 2007 11:00 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Initial User Directory
On Tuesday, 10/09/2007 at 12:26 EDT, Huegel, Thomas [EMAIL PROTECTED]
wrote:
There already is the RPWLIST DATA file perhaps a minor change that would
allow
a new password other than NOLOG be selected when a match was found. ie
another
field in the RPWLIST DATA file with the new password
On Tue, 9 Oct 2007 13:49:37 -0500, Huegel, Thomas [EMAIL PROTECTED]
wrote:
Why are we trying to fix something that isn't really broken?
How often do we install a new system once every 2-3 years? And how long
does
the install system live before going production, a few weeks? What can b
e
hacked
On 10/9/07, Ed Zell [EMAIL PROTECTED] wrote:
4) I don't think I like the idea of all system user id's being
AUTOONLY/LBYONLY/NOLOG. I think this should be a decision
that the person installing the system would make.
Actually that's a decision the SOX auditors caused our clients
32 matches
Mail list logo
