× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. August 2008

Re: How do you manage your QSECOFR profile and other Q profiles?

My co-workers in IT can never remember the QSECOFR password when needed (eg.
tech support is here & they need into whatever.)

I gave top management a directory of passwords for 400 & BPCS, in case I get
run over by the union truck & you need someone else to fill my shoes ... I
changed passwords, gave them the new ones, to replace their list, they could
not find the old ones.

I have told key managers & IT co-workers where I have "hid" this kind of
stuff & off-site backups. Never remember, always ask Al when need the info.

We have different IT people with different view points on this.

When someone's PC goes bananas, someone has to do tech support on it.
Or someone off sick & we need into their stuff.
That IT repair person has a master directory of the passwords used by all co-
workers to get onto company network, 400, e-mail, pin # for phone messages,
the whole 9 yards, to facilitate that tech support.
I have seen that master list laying around in plain sight on IT co-worker
desks.

1. 100% of our Q profiles either cannot be signed on period, or have
a password different from how it came from IBM.
2. There are consultants we trust, and consultants in another category.
Invariably we are told by higher management to give them whatever
they need, then when they are done, we undo some of the bone headed
things they did to our security, and change all the security passwords.

3. We have security auditing going on, with job scheduler sending
recent report to a particular OUTQ eevery nite, for us to study next
morning & react accordingly to the latest bad stuff.
4. After turn-over with a bunch of people who worked high management
& knew passwords of tons of people, including those used by IT,
management was persuaded to change our IP address, in addition to
IT changing all passwords for IT.
5. I am frequently called away from my desk while I am in middle of
signed on ... I hate to close out what I was in middle of, such as
changing a program, but I also hate to leave my work station
unattended ... thus I have several sign ons, one I use ONLY for
security work, and I always sign THAT off when I am called away from
my work area.
6. Our security auditing caught instances of * management people
left their offices open when went to lunch * unknown person went
into manager office-A, buessed up to maximum for passwords until hit
ceiling & plug pulled on that office * unknown person went next door,
same thing * next door, same thing I showed evidence to occupants
of those offices, who now close & lock them when they going to be
away for a while.

Al Macintyre
at an even smaller shop than yours

We have a small shop and the five of us - two developers, an
administrator, a manager and a VP - all have powerful enough
profiles that we rarely need to sign on as QSECOFR or any other Q
profile.

Because of the powerful profiles we have, we don't really have a
policy on usage of the QSECOFR profile but I need to write a policy
and manage the QSECOFR profile properly. What's the best practice
here? Should just one person know it and keep it a record of it in
the safe, so if he's not here, someone can at least get at it?

What about changing it? It seems kind of senseless and error prone
to change it every ninety days in accordance with the rest of our
policy if it hasn't been used in 90 days.

QSYSOPR hasn't been used since August 2000. Do any of you use the
QSYSOPR profile? I'm thinking the administrator (that'd be me)
should start using it as a day to day profile just for tracking
purposes.

Bryan Burns
iSeries Specialist
ECHO, Incorporated
Lake Zurich, Illinois

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options, visit:
http://lists.midrange.com/mailman/listinfo/midrange-l or email:
MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment
to review the archives at http://archive.midrange.com/midrange-l.

--
WOW! Homepage (http://www.wowway.com)


--
WOW! Homepage (http://www.wowway.com)


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.