Global Security Forum

 View Only
  • 1.  zSecure Admin - Copy or Recreate User - No MFA information cloned

    Posted 30 days ago

    We use zSecure Admin and may use the Copy ( C )  or Recreate ( R ) command to clone or recreate a defined RACF USERID. These commands generate the necessary RACF commands including ADDUSER, Connect etc. to recreate or clone a Userid.

     

    However, for Userids that have an ACTIVE MFA Factor, none of the MFA related data is cloned or recreated following execution of the command.

     

    Is there a means to clone or recreate a user and to carry with that process, the MFA information from the Userid profile?

     

    Thanks

    Damien

     

    This document is strictly confidential and is intended for use by the addressee unless otherwise indicated. Allied Irish Banks AIB and AIB Group are registered business names of Allied Irish Banks p.l.c. Allied Irish Banks, p.l.c. is regulated by the Central Bank of Ireland. Registered Office: 10 Molesworth Street, Dublin 2. Tel: + 353 1 6600311; Registered in Ireland: Registered No. 24173. The AIB logo, AIB (NI), Allied Irish Bank (GB) and Allied Irish Bank (GB) Savings Direct are trademarks used under licence by AIB Group (UK) p.l.c. AIB Group (UK) p.l.c is incorporated in Northern Ireland. Registered Office 92 Ann Street, Belfast BT1 3HH. Registered Number NI018800. Authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority ~~~~~~~Please consider the environment before printing this Email~~~~~~~~ This email has been scanned by an external Email Security System. This Disclaimer has been generated by CMDis


  • 2.  RE: zSecure Admin - Copy or Recreate User - No MFA information cloned

    Posted 27 days ago
    Hi Damien,

    Questions like these are best asked in the Z Security forum:
    Hidden page that shows the message digest from the home page
    community.ibm.com

    COPY does not currently support copying a user's MFA credentials. In my opinion, this is also a bit questionable, since users shouldn't have the same MFA data.

    RECREATE does support this, provided you are on 2.5 or 3.1 with the latest maintenance:

    Regards,

    Jeroen J.-W. Tiggelman
    Senior Software Development Manager IBM Security zSecure suite

    IBM Technology - Netherlands Development Laboratory, Delft
    Jeroen.Tiggelman@nl.ibm.com

     

    Unless otherwise stated above:

    IBM Nederland B.V.
    Gevestigd te Amsterdam
    Inschrijving Handelsregister Amsterdam Nr. 33054214





  • 3.  RE: zSecure Admin - Copy or Recreate User - No MFA information cloned

    Posted 27 days ago

    Thanks Jerone for the prompt response. I'll post to the zSecurity community going forward for such queries.

     

    The use of "Use CKGRACF to update the user profile" provides what we need, and I'll talk to our software team regarding the newer PTFs to ascertain status.

     

    -Damien.  

     

     

    Damien Dunne

    Mainframe & Tandem | Technology and Data

    M: +353 (0)86 041 2818

    Block H, Central Park, Dublin 18, D18 CK74

     

    Empowering People to build a sustainable future

     

    A/L – 15th – 21st Aug.

     

     

    This document is strictly confidential and is intended for use by the addressee unless otherwise indicated. Allied Irish Banks AIB and AIB Group are registered business names of Allied Irish Banks p.l.c. Allied Irish Banks, p.l.c. is regulated by the Central Bank of Ireland. Registered Office: 10 Molesworth Street, Dublin 2. Tel: + 353 1 6600311; Registered in Ireland: Registered No. 24173. The AIB logo, AIB (NI), Allied Irish Bank (GB) and Allied Irish Bank (GB) Savings Direct are trademarks used under licence by AIB Group (UK) p.l.c. AIB Group (UK) p.l.c is incorporated in Northern Ireland. Registered Office 92 Ann Street, Belfast BT1 3HH. Registered Number NI018800. Authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority ~~~~~~~Please consider the environment before printing this Email~~~~~~~~ This email has been scanned by an external Email Security System. This Disclaimer has been generated by CMDis





  • 4.  RE: zSecure Admin - Copy or Recreate User - No MFA information cloned

    Posted 27 days ago
    Hi Damien,

    You are welcome.

    You need the PTFs for the non-CKGRACF path. The CKGRACF path should already work without those.

    Regards,

    Jeroen J.-W. Tiggelman
    Senior Software Development Manager IBM Security zSecure suite

    IBM Technology - Netherlands Development Laboratory, Delft
    Jeroen.Tiggelman@nl.ibm.com


    Unless otherwise stated above:

    IBM Nederland B.V.
    Gevestigd te Amsterdam
    Inschrijving Handelsregister Amsterdam Nr. 33054214