Scenario 2: Converting Operator Passwords

This scenario assumes you currently define operator logon passwords in the NetView® DSIOPF member. If you have an SAF product installed, and if you are already using it for NetView password security, skip this step. When you complete this scenario, your system will use the SAF product to validate NetView operator passwords.

The advantages for using an SAF product for passwords include:
  • All NetView operator passwords can be maintained in a secure place.
  • Enforcement of consistent rules for operator passwords across multiple products on your system.
  • Passwords can be changed by operators.
  • Password phrases can be used as a substitute for a password. A password phrase can include phrases that are 9 - 100 characters in length, without character restrictions.

If you are also going to convert operator logon attributes, skip to Scenario 3: Converting to Task-Level Checking, which also contains information about converting operator passwords. For an overview of the conversion process, see Example of Migrating an Operator Password and Logon Attributes.

Figure 1. Converting Operator Passwords to RACF
This figures shows an example of converting operator passwords to RACF.
You can convert NetView passwords to use the RACF® product as shown in Figure 1.
{A}
In this example, three operators and their passwords are defined using the NetView DSIOPF member.
{B}
Use the RACF ADDUSER command to define the operators in RACF with an initial password.

RACF is configured so that all initial passwords expire when the operator logs on. RACF can also have rules enforced for passwords which might not be compatible with the NetView passwords, so an operator is forced to change the password after logging on the first time.

To test whether these definitions work as you expect, dynamically change your security so that an SAF product checks logon passwords by using the NetView REFRESH command: 
REFRESH OPERSEC=SAFDEF

If operators cannot log on as you expect, issue REFRESH OPERSEC=NETVPW to go back to using the NetView program for passwords and see Checklist for Debugging Security Problems.

When you are sure that your security is working correctly, modify the SECOPTS statement in the CNMSTUSR or CxxSTGEN member in the following way 
SECOPTS.OPERSEC = SAFDEF

The next time the NetView program is initialized, it uses an SAF product to verify logon passwords. See Defining Operator Password Security for information about the commands used to define passwords in the SAF product.