IBM Mainframe Forum

Mainframe Technical Support Forums

Skip to content


Password History



All about SAF, RACF, encryption, Firewall, Risk assessment and integrity concepts
Post a reply

Password History

Postby mehi1353 » Sat Oct 31, 2020 3:14 pm

Hi friends,

we have activated password history in our z/OS environment: user cannot re-use their "10" old passwords.
This acts correctly on TSO logon panel.
But with ALTUSER command, special users can change passwords to any old passwords, without any problem! (password history is bypassed!)

Why that happen any what we can do to prevent bypassing "password history"?

Thanks in advance,
Mehrdad
mehi1353
 
Posts: 40
Joined: Sun Jan 11, 2009 4:51 pm
Has thanked: 0 time
Been thanked: 0 time
Top

Re: Password History

Postby steve-myers » Sat Oct 31, 2020 5:35 pm

Generally speaking, RACF users with the SPECIAL attribute can do as they please, and that includes bypassing password history. This does not extend to all cases. For example, password history is not bypassed when changing their password in the LOGON panel. I do not know what would happen if they attempt to change their password with ALTUSER.
steve-myers
Global moderator
 
Posts: 2105
Joined: Thu Jun 03, 2010 6:21 pm
Has thanked: 4 times
Been thanked: 243 times
Top
Post a reply

Return to Mainframe Security

 


  • Related topics
    Replies
    Views
    Last post
Forum Rules|FAQ|Subscriptions|Bookmarks
cron