IBM OS/390 Server User Manual


 
The ALTUSER command allows an administrator to reset a user's password to
a temporary password or a default value. This command is modified to save the
old password whenever the password is reset.

The PASSWORD USER(userid) command provides users and administrators
with a password reset function. This command is modified to save the old
password whenever the password is reset.

Tivoli Management Environment (TME) 10 Global Enterprise Management User Administration Service

The Tivoli Management Environment (TME) 10 Global Enterprise Manager User
Administration Service provides the ability to manage UNIX, Windows NT,
NetWare, and RACF accounts from a single, common interface (either graphical or
command line). The RACF support for this, which was provided by APARs
OW23445 and OW23446, includes:
- The TMEADMIN class, which is used to map a TME administrator to a RACF user
  ID.
- Callable services to:
  - Derive a session key from a previously generated RACF PassTicket. The
    Tivoli Management Region (TMR) TCP/IP server uses such session keys to
    encrypt and decrypt administrative data that flows between the TMR server
    and OS/390.
  - Convey RACF administrative changes to RACF. The new R_Admin callable
    service provides a function-code driven parameter list with data fields
    consisting of name-value pairs. This name-value pair support is used by
    the TME user administration service to add or update the following RACF
    user profile information:
    - BASE profile information
    - OMVS segment
    - NETVIEW segment
    - TSO segment
    - CICS segment

    In addition to the above, the R_Admin callable service provides a run
    command function in which most RACF TSO commands may be executed.
- Changes to the RACF TSO command ALTUSER. The NOCLAUTH key will now accept an
  asterisk ('*') to indicate removal of all of the user's CLAUTH authorities.

Program Control by System ID

RACF provides a means to restrict access to a program based on the system
identifier (SMFID). This additional program control by system ID improves system
management and usability of program products in a sysplex environment. It also
eliminates error-prone manual procedures and the need to keep DASD that is not
shared, and it offers potential savings on licensing fees by controlling which
systems in a sysplex the licensed software may execute on. Previously, many
customers complied with licensing agreements by paying for ALL systems that the
software COULD run on because there was no easy way to restrict access to a particular
8 OS/390 V2R4.0 Security Server (RACF) Planning: Installation and Migration