|
View previous topic :: View next topic
|
| Author |
Message |
vasanthz
Global Moderator
Joined: 28 Aug 2007
Posts: 1742
Location: Tirupur, India
|
|
|
|
Hi,
I have access to 30 to 40 lpars, but I use them only rarely (i.e. if there is an issue)
At our shop, if an ID is not used for over 45 days then the ID is removed from the system completely and some of my IDS got removed.
To avoid this I am planning to setup a job to keep my ID active on all LPARs.
All the LPAR nodes support JES transmission of job, so if the below job is run on single master LPAR once in 30 days & transmit the job to other LPARs, please let me know if this would prevent RACF from removing my ids?
Password changing job:
| Code: |
//USERIDJ JOB .....
// USER=MYUSERID,
// PASSWORD=(OLDPASS,NEWPASS),
/*ROUTE XEQ NODENAME
|
Similarly for other remaining LPARs.
Thanks in advance, |
|
| Back to top |
|
 |
Anuj Dhawan
Superior Member
Joined: 22 Apr 2006
Posts: 6250
Location: Mumbai, India
|
|
|
|
| vasanthz wrote: |
| At our shop, if an ID is not used for over 45 days then the ID is removed from the system completely and some of my IDS got removed. |
Do you have different ID (RACF) for every different LPAR?  |
|
| Back to top |
|
|
vasanthz
Global Moderator
Joined: 28 Aug 2007
Posts: 1742
Location: Tirupur, India
|
|
|
|
Hi,
Yes,I have different IDs for them, maintaining the ID & passwords for each one is a task onto itself.
Regards, |
|
| Back to top |
|
|
enrico-sorichetti
Superior Member
Joined: 14 Mar 2007
Posts: 10873
Location: italy
|
|
|
|
if Your auditors are a bit smart, You might get questioned, with rather unpleasant results
keep-alive tricks are frowned upon in most organizations
the best thing would be to review with the powers the setup,
the issue should be common also to other people |
|
| Back to top |
|
|
vasanthz
Global Moderator
Joined: 28 Aug 2007
Posts: 1742
Location: Tirupur, India
|
|
|
|
Enrico, Thanks for responding.
I did not look at it in that perspective. I don't think there is much can be done than me manually logging into all of them once. mmm... |
|
| Back to top |
|
|
vasanthz
Global Moderator
Joined: 28 Aug 2007
Posts: 1742
Location: Tirupur, India
|
|
|
|
Hi,
If I was changing my passwords once a month and if the RACF does not flag me as inactive user, then I guess the blame is on the RACF. 
Regards, |
|
| Back to top |
|
|
enrico-sorichetti
Superior Member
Joined: 14 Mar 2007
Posts: 10873
Location: italy
|
|
|
|
maybe I did not express clearly my thoughts
manual or automatic, it will make little difference,
as I said if the auditors have a sound approach to auditing
an ID which logins/logons to a system only once every 40 days is still something to investigate
( seen it, done it, at the end there was no reason for the ID to be there ) |
|
| Back to top |
|
|
dick scherrer
Moderator Emeritus
Joined: 23 Nov 2006
Posts: 19244
Location: Inside the Matrix
|
|
|
|
Hello,
I simply log on and change the passwords each month. . .
It is a pain, but doesn't really take long. . .
And it is not near the pain of having to get an id re-instated. . . |
|
| Back to top |
|
|
vasanthz
Global Moderator
Joined: 28 Aug 2007
Posts: 1742
Location: Tirupur, India
|
|
|
|
| I agree D. |
|
| Back to top |
|
|
santy
Warnings : 1
New User
Joined: 19 Jul 2007
Posts: 22
Location: mumbai
|
|
|
|
most simple option i m using is to login and changing the password manunally from the login screen once in month.
that's the best option to come out through this problem.:) |
|
| Back to top |
|
|
|
|
