Hi friends
How to activate OIDCARD in z/OS RACF?
Is OIDCARD a Physical Device?
How do they use it?
You might describe the OIDCARD.
Thank you.
OIDCARD IN RACF
Previous topic • Next topic • 5 posts
• Page 1 of 1
Re: OIDCARD IN RACF
by enrico-sorichetti » Tue Jul 30, 2019 6:22 pm
googling with OIDCARD will return quite a few links that will tell all You might want to know about the subject
cheers
enrico
When I tell somebody to RTFM or STFW I usually have the page open in another tab/window of my browser,
so that I am sure that the information requested can be reached with a very small effort
enrico
When I tell somebody to RTFM or STFW I usually have the page open in another tab/window of my browser,
so that I am sure that the information requested can be reached with a very small effort
- enrico-sorichetti
- Global moderator
- Posts: 3003
- Joined: Fri Apr 18, 2008 11:25 pm
- Has thanked: 0 time
- Been thanked: 164 times
Re: OIDCARD IN RACF
by Robert Sample » Tue Jul 30, 2019 6:28 pm
From the Security Administrator's Guide for RACF version 2.3, page 1:
OIDCARD is activated, like many other things in RACF, via the ALU TSO command.User identification and verification
RACF controls access to and protects resources. For a software access control mechanism to work effectively, it must first identify the person who is trying to gain access to the system, and then verify that the user is really that person.
RACF uses a user ID and a system-encrypted password or password phrase to perform its user identification and verification. When you define a user to RACF, you assign a user ID and password or a password phrase. The user ID identifies the person to the system as a RACF user.
The password or password phrase verifies the user's identity. The password or password phrase permits initial entry to the system, at which time the person is required to choose a new password or password phrase. Unless the user divulges it, no one else knows the user ID-password or password phrase combination.
During terminal processing, RACF allows the use of an operator identification card (OIDCARD) in place of, or in addition to, the password or password phrase. (The OIDCARD information is also encrypted.) By requiring a user to know both the correct password and the correct OIDCARD, you have increased assurance that the proper user has entered the user ID.
- These users thanked the author Robert Sample for the post:
- use_hadi (Tue Jul 30, 2019 6:33 pm)
- Robert Sample
- Global moderator
- Posts: 3720
- Joined: Sat Dec 19, 2009 8:32 pm
- Location: Dubuque, Iowa, USA
- Has thanked: 1 time
- Been thanked: 279 times
Re: OIDCARD IN RACF
by Robert Sample » Tue Jul 30, 2019 8:21 pm
Also, from the TSO/E Administration manual version 2.1, in the section entitled RACF Security Information:
I don't recall ever using a terminal with attached card reader, and I haven't found anything about what happens if the terminal does not have an attached card reader but OIDCARD is specified. Unless the terminal(s) you're using have attached card readers, I recommend staying away from the OIDCARD option of RACF.OPERATOR ID CARD
The OPERATOR ID CARD field indicates whether the user must insert an operator ID card in a card reader when logging onto the system. (Some terminals have a card reader attachment for reading operator ID cards during LOGON processing. Using operator ID cards is a security feature.) If the field specifies Y, the administrator enrolling the person must insert the same card during enrollment to associate the card with the user. The field is preset to N, which indicates no card is required.
- Robert Sample
- Global moderator
- Posts: 3720
- Joined: Sat Dec 19, 2009 8:32 pm
- Location: Dubuque, Iowa, USA
- Has thanked: 1 time
- Been thanked: 279 times
Re: OIDCARD IN RACF
by Robert Sample » Tue Jul 30, 2019 10:16 pm
I had a chance to do a little more research. Page 88 of http://www.textfiles.com/bitsavers/pdf/ibm/3270/GA27-2742-1_Operators_Guide_for_IBM_3270_Information_DIsplay_Systems_Jul72.pdf which is the 1972 (yes, 47 years ago) version of the Operators Guide for IBM 3270 Information Display Systems manual has a picture of an OIDCARD reader attached to a 3270 terminal.
- Robert Sample
- Global moderator
- Posts: 3720
- Joined: Sat Dec 19, 2009 8:32 pm
- Location: Dubuque, Iowa, USA
- Has thanked: 1 time
- Been thanked: 279 times
Previous topic • Next topic • 5 posts
• Page 1 of 1
-
- Related topics
- Replies
- Views
- Last post
-
- CDT in RACF
by racf » Thu Nov 27, 2008 4:53 pm - 2 Replies
- 4753 Views
- Last post by aquarius
Wed Sep 16, 2009 6:42 pm
- CDT in RACF
-
- racf under zVM
by v clemons » Sun Sep 23, 2012 7:19 pm - 2 Replies
- 4791 Views
- Last post by dick scherrer
Mon Sep 24, 2012 7:20 am
- racf under zVM
-
- ABOUT RACF CDT INFORMATION
by ravisankarc » Fri Sep 18, 2009 8:51 pm - 4 Replies
- 4893 Views
- Last post by enrico-sorichetti
Wed Sep 23, 2009 12:09 pm
- ABOUT RACF CDT INFORMATION
-
- RACF commands to TSS
by aqswde » Sun May 30, 2010 1:13 am - 0 Replies
- 3626 Views
- Last post by aqswde
Sun May 30, 2010 1:13 am
- RACF commands to TSS
-
- RACF protection
by Antonyraj85 » Thu Jul 01, 2010 11:21 pm - 1 Replies
- 3128 Views
- Last post by Robert Sample
Thu Jul 01, 2010 11:27 pm
- RACF protection