Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Using the DES algorithm without the two-step method of checking z/OS Security Server RACF System Programmer's Guide SA23-2287-00 |
|
Your installation might wish to use the DES algorithm without using the two-step method of checking. For example, if your installation has never used the masking algorithm, or if all of your users' passwords have been RACF® DES-encoded, you do not need the two-step method. There is an extremely remote possibility that DES-encrypting a user ID with the real password could give the same result as masking the user ID with a different password, allowing a password that is not valid to be accepted. As long as your installation uses the two-step method of checking, your installation might have an exposure. You can minimize this possibility by using the DES algorithm without the two-step method of checking if you do not need to check for masked passwords. To use the DES algorithm without the two-step method of checking, write an ICHDEX01 exit (in the link pack area) that sets the return code to 8. See Password authentication exits. |
Copyright IBM Corporation 1990, 2014
|