NOPW Still Valid In CA Top Secret r15?

book

Article ID: 49242

calendar_today

Updated On:

Products

CA Cleanup CA Datacom - DB CA Datacom CA Datacom - AD CA Datacom - Server CA CIS CA Common Services for z/OS CA 90s Services CA Database Management Solutions for DB2 for z/OS CA Common Product Services Component CA Common Services CA Datacom/AD CA ecoMeter Server Component FOC CA Easytrieve Report Generator for Common Services CA Infocai Maintenance CA IPC Unicenter CA-JCLCheck Common Component CA Mainframe VM Product Manager CA Chorus Software Manager CA On Demand Portal CA Service Desk Manager - Unified Self Service CA PAM Client for Linux for zSeries CA Mainframe Connector for Linux on System z CA Graphical Management Interface CA Web Administrator for Top Secret CA CA- Xpertware CA Top Secret CA Top Secret - LDAP CA Top Secret - VSE

Issue/Introduction

Description:

Is giving an ACID NOPW (for no password) in CA Top Secret r15 no longer applicable?

Solution:

The NOPW password option is still valid in CA Top Secret r15, however, except for the MSCA, setting an acid's password to be NOPW now requires the administrator to have UPDATE access to entity:

TSSCMD.USER.cmd.NOPW in the CASECAUT resource class,

where 'cmd' is the command being issued (ie CREATE, ADDTO. or REPLACE).

So for this case, the following will need to be done:

TSS ADD(dept) CASECAUT(TSSCMD) (if not already done)   
TSS PER(acid) CASECAUT(TSSCMD.USER.cmd.NOPW) ACC(UPDATE)

 where 'dept' is the department to own the resource 
   'acid' is the administrator doing the TSS CREATE command or an   
      attached profile   
   'cmd' is the command (ie CREATE, ADDTO, REPLACE)   

Specify CASECAUT(TSSCMD.USER.*.NOPW) for the permit to include all commands (CREATE, ADDTO and REPLACE).

NOTE: There is a potential security concern exists if ACIDS are defined with NOPW and also have UID set to 0 (zero). In certain scenarios, unauthorized access can occur with these ACIDS via TELNET and Rlogin.

We recommend that all started task (STC) acids be given a password and OPTIONS(4) be set in the TSS parameter file. OPTIONS(4) will eliminate the
prompt for a password when the STC starts, but if someone tries to signon with the STC acid, he will need to know the password.

Environment

Release:
Component: AWAGNT