ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

NOPW Still Valid In CA Top Secret r15?

book

Article ID: 49242

calendar_today

Updated On:

Products

Cleanup Datacom DATACOM - AD CIS COMMON SERVICES FOR Z/OS 90S SERVICES DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS COMMON PRODUCT SERVICES COMPONENT Common Services Datacom/AD CA ecoMeter Server Component FOC EASYTRIEVE REPORT GENERATOR FOR COMMON SERVICES INFOCAI MAINTENANCE IPC UNICENTER JCLCHECK COMMON COMPONENT Mainframe VM Product Manager CHORUS SOFTWARE MANAGER CA On Demand Portal CA Service Desk Manager - Unified Self Service PAM CLIENT FOR LINUX ON MAINFRAME MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME GRAPHICAL MANAGEMENT INTERFACE WEB ADMINISTRATOR FOR TOP SECRET Xpertware Top Secret Top Secret - LDAP Top Secret - VSE

Issue/Introduction

Description:

Is giving an ACID NOPW (for no password) in CA Top Secret r15 no longer applicable?

Solution:

The NOPW password option is still valid in CA Top Secret r15, however, except for the MSCA, setting an acid's password to be NOPW now requires the administrator to have UPDATE access to entity:

TSSCMD.USER.cmd.NOPW in the CASECAUT resource class,

where 'cmd' is the command being issued (ie CREATE, ADDTO. or REPLACE).

So for this case, the following will need to be done:

TSS ADD(dept) CASECAUT(TSSCMD) (if not already done)   
TSS PER(acid) CASECAUT(TSSCMD.USER.cmd.NOPW) ACC(UPDATE)

 where 'dept' is the department to own the resource 
   'acid' is the administrator doing the TSS CREATE command or an   
      attached profile   
   'cmd' is the command (ie CREATE, ADDTO, REPLACE)   

Specify CASECAUT(TSSCMD.USER.*.NOPW) for the permit to include all commands (CREATE, ADDTO and REPLACE).

NOTE: There is a potential security concern exists if ACIDS are defined with NOPW and also have UID set to 0 (zero). In certain scenarios, unauthorized access can occur with these ACIDS via TELNET and Rlogin.

We recommend that all started task (STC) acids be given a password and OPTIONS(4) be set in the TSS parameter file. OPTIONS(4) will eliminate the
prompt for a password when the STC starts, but if someone tries to signon with the STC acid, he will need to know the password.

Environment

Release:
Component: AWAGNT