× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. SECURITY400
  3. May 2007

Re: Disabled Userids

Steve.Neeland wrote:

Is anyone aware if a way exists to exempt a userid profile from
switching to a *DISABLED status when too many invalid passwords may be
entered? We have some special userids used for batch-only applications,
and if they happened to get disabled the applications would return
abends.

Steve:

A *DISABLED profile can still be the user of a submitted batch job. A simple batch job doesn't need an enabled job user. Why would such a profile have a password?

However, if something within the job requires an enabled job profile, then call a proc/program that ensures the profile is *ENABLED before entering the sensitive portion.

This proc/program could be created *OWNER and have sufficient authority to enable the job's profile. If it's a proc, call it out of a *SRVPGM.

One reason a password might be needed would be for signing on to remote servers and a matching password is being used. Note that an additional problem could be that the password was changed -- the profile is still enabled but the connection ain't gonna work. You fix the disabling but it still fails.

The above proc could also ensure that a password value was a correct one. The correct value would be stored externally in encrypted form and retrieved as needed.

There are various ways of automating the re-enabling of profiles, but perhaps a closer look at the actual business need is called for. Maybe it just isn't needed. Even for remote servers, there are usually better ways.

Tom Liotta


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.