Password History



All about SAF, RACF, encryption, Firewall, Risk assessment and integrity concepts

Password History

Postby mehi1353 » Sat Oct 31, 2020 3:14 pm

Hi friends,

we have activated password history in our z/OS environment: user cannot re-use their "10" old passwords.
This acts correctly on TSO logon panel.
But with ALTUSER command, special users can change passwords to any old passwords, without any problem! (password history is bypassed!)

Why that happen any what we can do to prevent bypassing "password history"?

Thanks in advance,
Mehrdad
mehi1353
 
Posts: 32
Joined: Sun Jan 11, 2009 4:51 pm
Has thanked: 0 time
Been thanked: 0 time

Re: Password History

 

Re: Password History

Postby steve-myers » Sat Oct 31, 2020 5:35 pm

Generally speaking, RACF users with the SPECIAL attribute can do as they please, and that includes bypassing password history. This does not extend to all cases. For example, password history is not bypassed when changing their password in the LOGON panel. I do not know what would happen if they attempt to change their password with ALTUSER.
steve-myers
Global moderator
 
Posts: 2085
Joined: Thu Jun 03, 2010 6:21 pm
Has thanked: 4 times
Been thanked: 235 times


Return to Mainframe Security

 


  • Related topics
    Replies
    Views
    Last post