OIDCARD IN RACF

Posted: Tue Jul 30, 2019 5:43 pm
by use_hadi
Hi friends,

How to activate OIDCARD in z/OS RACF?
Is OIDCARD a Physical Device?
How do they use it?
You might describe the OIDCARD.

Thank you.

Re: OIDCARD IN RACF

Posted: Tue Jul 30, 2019 6:22 pm
by enrico-sorichetti
Googling for OIDCARD will return quite a few links that will tell you all you might want to know about the subject.

Re: OIDCARD IN RACF

Posted: Tue Jul 30, 2019 6:28 pm
by Robert Sample
From the Security Administrator's Guide for RACF version 2.3, page 1:
User identification and verification
RACF controls access to and protects resources. For a software access control mechanism to work effectively, it must first identify the person who is trying to gain access to the system, and then verify that the user is really that person.
RACF uses a user ID and a system-encrypted password or password phrase to perform its user identification and verification. When you define a user to RACF, you assign a user ID and password or a password phrase. The user ID identifies the person to the system as a RACF user.
The password or password phrase verifies the user's identity. The password or password phrase permits initial entry to the system, at which time the person is required to choose a new password or password phrase. Unless the user divulges it, no one else knows the user ID-password or password phrase combination.
During terminal processing, RACF allows the use of an operator identification card (OIDCARD) in place of, or in addition to, the password or password phrase. (The OIDCARD information is also encrypted.) By requiring a user to know both the correct password and the correct OIDCARD, you have increased assurance that the proper user has entered the user ID.
OIDCARD is activated, like many other things in RACF, via the ALU TSO command.

Re: OIDCARD IN RACF

Posted: Tue Jul 30, 2019 8:21 pm
by Robert Sample
Also, from the TSO/E Administration manual version 2.1, in the section entitled RACF Security Information:
OPERATOR ID CARD
The OPERATOR ID CARD field indicates whether the user must insert an operator ID card in a card reader when logging onto the system. (Some terminals have a card reader attachment for reading operator ID cards during LOGON processing. Using operator ID cards is a security feature.) If the field specifies Y, the administrator enrolling the person must insert the same card during enrollment to associate the card with the user. The field is preset to N, which indicates no card is required.
I don't recall ever using a terminal with attached card reader, and I haven't found anything about what happens if the terminal does not have an attached card reader but OIDCARD is specified. Unless the terminal(s) you're using have attached card readers, I recommend staying away from the OIDCARD option of RACF.

Re: OIDCARD IN RACF

Posted: Tue Jul 30, 2019 10:16 pm
by Robert Sample
I had a chance to do a little more research. Page 88 of http://www.textfiles.com/bitsavers/pdf/ibm/3270/GA27-2742-1_Operators_Guide_for_IBM_3270_Information_DIsplay_Systems_Jul72.pdf, which is the 1972 (yes, 47 years ago) version of the Operators Guide for IBM 3270 Information Display Systems manual, has a picture of an OIDCARD reader attached to a 3270 terminal.