RE: Audits and profiles with passwords the same as the profile -- MIDRANGE-L

× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.

As a coda to Rob's recommendations, you should almost certainly ensure
that those profiles cannot be used to sign on to the system by
specifying (off the top of my head)
INLPGM(*NONE) and INLMNU(*SIGNOFF).

Trevor Briggs
Analyst/Programmer
Lincare, Inc.
(727) 431-1246
TBriggs2@xxxxxxxxxxx
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
rob@xxxxxxxxx
Sent: Thursday, May 15, 2014 8:32 AM
To: Midrange Systems Technical Discussion
Subject: Re: Audits and profiles with passwords the same as the profile

Whether a user profile owns objects, is in a group, is the group, etc.
should have no effect on whether or not you change the password.
What will have an effect is if you do stuff like have PC RMTCMD
statements
tied to the old password, RUNRMTCMD for IBM i to IBM i communication,
embedded CONNECT TO ... USING statements using the password in the code,

Lotus Enterprise Integrator (or like techniques), java connections,
WRKRDBDIRE and a plethora of other things.

I say change it. It's too big of a security risk. It's worth the
possible disruption in business that may pop up because of imbedded
passwords.

Rob Berendt

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.