Password History

All about SAF, RACF, encryption, Firewall, Risk assessment and integrity concepts

Post by mehi1353 » Sat Oct 31, 2020 3:14 pm

Hi friends,

We have activated password history in our z/OS environment: users cannot re-use their "10" old passwords.
This acts correctly on the TSO logon panel.
But with the ALTUSER command, special users can change passwords to any old passwords, without any problem! (Password history is bypassed!)

Why does that happen, and what can we do to prevent bypassing "password history"?

Thanks in advance,

Re: Password History

Post by steve-myers » Sat Oct 31, 2020 5:35 pm

Generally speaking, RACF users with the SPECIAL attribute can do as they please, and that includes bypassing password history. This does not extend to all cases. For example, password history is not bypassed when changing their password in the LOGON panel. I do not know what would happen if they attempt to change their password with ALTUSER.
