IBM Security Z Security

Security for Z

Join this online user group to communicate across Z Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

View Only

Back to discussions

Expand all | Collapse all

Can we protect RACDCERT MAP?

1. Can we protect RACDCERT MAP?

Like
Colin Paice

IBM Champion
Posted 2 days ago

Reply
In the IBM-MAIN forum, there was discussion about started task userids, and how nopassword was good.
There was a comment made that Administrators should not be able to set the password for a protected userid ( so they cannot then logon with the privileged id use the password)
First question. How is this set up?

Second question.. following on from the first question.
I can use RACDCERT MAP to map a logon by certificate to become a userid. If I am a naughty administrator, I can set my certificate to be come an all powerful userid - even if the userid is protected (has no password).

How can I stop this - ie I am allowed to map certificates to normal ( a subset of ) userids, but not to privileged ones ?

------------------------------
Colin Paice
Retired
Retired
Stromness
------------------------------

IBM Security Z Security

Security for Z

Can we protect RACDCERT MAP?

1. Can we protect RACDCERT MAP?

Additional
Resources

Office

Quick Links

IBM Security Z Security

Security for Z

Can we protect RACDCERT MAP?

1. Can we protect RACDCERT MAP?

Related Content

More from the WW IBM Z Security Conference: Hacking thwarted by Multi-Factor Authentication

Worst case scenario: How to protect against a privileged access management breach.

Question on using CARLa to produce a report of selected userids from the RACF database

CARLa: Dataset Profiles accessed by userids

TYPE=UNIX, need userid and name

Additional Resources

Office

Quick Links

Additional
Resources