Portal | Manuals | References | Downloads | Info | Programs | JCLs | Master the Mainframes
IBM Mainframe Computers Forums Index
 
Register
 
IBM Mainframe Computers Forums Index Mainframe: Search IBM Mainframe Forum: FAQ Memberlist Usergroups Profile Log in to check your private messages Log in
 

 

RACF Password Expiry.

 
Post new topic   Reply to topic    IBMMAINFRAMES.com Support Forums -> JCL & VSAM
View previous topic :: :: View next topic  
Author Message
vasanthz

Global Moderator


Joined: 28 Aug 2007
Posts: 1475
Location: Chennai

PostPosted: Tue Aug 17, 2010 7:47 pm    Post subject: RACF Password Expiry.
Reply with quote

Hi,

I have access to 30 to 40 lpars, but I use them only rarely (i.e. if there is an issue)
At our shop, if an ID is not used for over 45 days then the ID is removed from the system completely and some of my IDS got removed.
To avoid this I am planning to setup a job to keep my ID active on all LPARs.

All the LPAR nodes support JES transmission of job, so if the below job is run on single master LPAR once in 30 days & transmit the job to other LPARs, please let me know if this would prevent RACF from removing my ids?


Password changing job:

Code:
//USERIDJ JOB .....
//             USER=MYUSERID,                 
//             PASSWORD=(OLDPASS,NEWPASS),
/*ROUTE XEQ   NODENAME


Similarly for other remaining LPARs.

Thanks in advance,
Back to top
View user's profile Send private message

Anuj Dhawan

Senior Member


Joined: 22 Apr 2006
Posts: 6258
Location: Mumbai, India

PostPosted: Tue Aug 17, 2010 8:35 pm    Post subject: Re: RACF Password Expiry.
Reply with quote

vasanthz wrote:
At our shop, if an ID is not used for over 45 days then the ID is removed from the system completely and some of my IDS got removed.
Do you have different ID (RACF) for every different LPAR? icon_eek.gif
Back to top
View user's profile Send private message
vasanthz

Global Moderator


Joined: 28 Aug 2007
Posts: 1475
Location: Chennai

PostPosted: Tue Aug 17, 2010 8:37 pm    Post subject:
Reply with quote

Hi,
Yes,I have different IDs for them, maintaining the ID & passwords for each one is a task onto itself.

Regards,
Back to top
View user's profile Send private message
enrico-sorichetti

Global Moderator


Joined: 14 Mar 2007
Posts: 10232
Location: italy

PostPosted: Tue Aug 17, 2010 8:49 pm    Post subject: Reply to: RACF Password Expiry.
Reply with quote

if Your auditors are a bit smart, You might get questioned, with rather unpleasant results
keep-alive tricks are frowned upon in most organizations

the best thing would be to review with the powers the setup,
the issue should be common also to other people
Back to top
View user's profile Send private message
vasanthz

Global Moderator


Joined: 28 Aug 2007
Posts: 1475
Location: Chennai

PostPosted: Tue Aug 17, 2010 9:14 pm    Post subject:
Reply with quote

Enrico, Thanks for responding.
I did not look at it in that perspective. I don't think there is much can be done than me manually logging into all of them once. mmm...
Back to top
View user's profile Send private message
vasanthz

Global Moderator


Joined: 28 Aug 2007
Posts: 1475
Location: Chennai

PostPosted: Tue Aug 17, 2010 9:20 pm    Post subject:
Reply with quote

Hi,
If I was changing my passwords once a month and if the RACF does not flag me as inactive user, then I guess the blame is on the RACF. icon_biggrin.gif
Regards,
Back to top
View user's profile Send private message
enrico-sorichetti

Global Moderator


Joined: 14 Mar 2007
Posts: 10232
Location: italy

PostPosted: Tue Aug 17, 2010 9:21 pm    Post subject: Reply to: RACF Password Expiry.
Reply with quote

maybe I did not express clearly my thoughts
manual or automatic, it will make little difference,
as I said if the auditors have a sound approach to auditing
an ID which logins/logons to a system only once every 40 days is still something to investigate
( seen it, done it, at the end there was no reason for the ID to be there )
Back to top
View user's profile Send private message
dick scherrer

Site Director


Joined: 23 Nov 2006
Posts: 19270
Location: Inside the Matrix

PostPosted: Tue Aug 17, 2010 9:22 pm    Post subject:
Reply with quote

Hello,

I simply log on and change the passwords each month. . .

It is a pain, but doesn't really take long. . .

And it is not near the pain of having to get an id re-instated. . .
Back to top
View user's profile Send private message
vasanthz

Global Moderator


Joined: 28 Aug 2007
Posts: 1475
Location: Chennai

PostPosted: Tue Aug 17, 2010 11:34 pm    Post subject:
Reply with quote

I agree D.
Back to top
View user's profile Send private message
santy
Warnings : 1

New User


Joined: 19 Jul 2007
Posts: 22
Location: mumbai

PostPosted: Tue Sep 14, 2010 11:00 am    Post subject: Reply to: RACF Password Expiry.
Reply with quote

most simple option i m using is to login and changing the password manunally from the login screen once in month.

that's the best option to come out through this problem.:)
Back to top
View user's profile Send private message
View previous topic :: :: View next topic  
Post new topic   Reply to topic    IBMMAINFRAMES.com Support Forums -> JCL & VSAM All times are GMT + 6 Hours
Page 1 of 1

 

Search our Forum:

Similar Topics
Topic Author Forum Replies Posted
No new posts RACF profile access vasanthz All Other Mainframe Topics 11 Fri Sep 23, 2016 5:51 am
No new posts Random Password (in string format) ge... ezhavendhan COBOL Programming 10 Mon Aug 29, 2016 3:18 pm
No new posts RACF Easytrieve Plus macro Susan Jackson CA Products 0 Fri Jun 03, 2016 8:25 pm
No new posts REST API call - username and password... vasanthz All Other Mainframe Topics 1 Thu Mar 10, 2016 6:34 pm
No new posts Need help in Finding who changed the ... steve-myers JCL & VSAM 6 Wed Jan 27, 2016 9:01 pm


Facebook
Back to Top
 
Mainframe Wiki | Forum Rules | Bookmarks | Subscriptions | FAQ | Tutorials | Contact Us