[prev in list] [next in list] [prev in thread] [next in thread] 

List:       racf-l
Subject:    Re: RACF define a non-revoking user on password attempts
From:       D E Engelbrecht <elardus.engelbrecht () SITA ! CO ! ZA>
Date:       2013-01-30 7:02:15
Message-ID: 201301300702.r0U6BYw7027476 () waikiki ! cc ! uga ! edu
[Download RAW message or body]

Sokolsky, Hayim Z. wrote:

>There is no way to exempt a user that has a password from being revoked
due to excessive password attempts - unless you code a RACINIT post-
processing exit (ICHRIX02) to handle that situation, or implement similar
functionality triggered by a console message (ICH408I specific to the user
becoming revoked) or an SMF exit trapping the event and doing the same.

There is a way (sort of): SETROPTS PASSWORD(NOREVOKE)

Of course this is a big NO-NO because it affects all and every users!

As others said - this is a security issue, not RACF issue.

I don't like the OP's request, but it s just me. I would rather suggest
PROTECTED status or use SURROGAT.

Groete / Greetings
Elardus Engelbrecht
[prev in list] [next in list] [prev in thread] [next in thread]