Jazz authentication method (startbfa.sh)
I am dealing with password compliance on RTC. Currently, we have an ID with a non-expiring password that logs on from the z/OS agent to the RTC server. Non-expiring passwords will soon not be allowed; thereafter the password will expire every 90 days.
Does anyone know anything about SMART_CARD_POLICY or REGISTRY_POLICY?
Thanks.
One answer
Ralph Schoon (FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER) | answered Apr 02 '19, 6:24 a.m.
For all I know, the only option is to get an exemption for the functional users. Otherwise you have to change the password. For some purposes you can use an encrypted password file, which you might be able to change at a central place.
Smartcard is for usage of smartcards: https://jazz.net/library/article/1438 , https://jazz.net/help-dev/clm/topic/com.ibm.jazz.install.doc/topics/c_config_cert_and_smartcard_auth.html
I am not sure what Jazz Registry is. Maybe it is z/OS specific. I can only see USERNAME_PASSWORD_POLICY (requires JAZZ_USER, JAZZ_PASSWORD_FILE) in my build system toolkit/build engine.
I know other users have solved this by using a mix of a file-based user registry (to store the functional users' passwords that do not change) and LDAP, where the regular users are configured.
Comments
Thanks for the reply. However, our organisation also does not allow a functional ID to have a non-expiring password. We are trying to avoid the use of a password file, as this means we will need to change the password every 90 days.
We are looking for a one-off setup solution, e.g. having a pass-ticket.
I had a read on this:
I am not sure how it applies to z/OS.
Does anyone have hands-on experience with this?
Also, I looked at the JAZZ_AUTH_METHOD:
It mentions these 3 policies:
USERNAME_PASSWORD_POLICY
CERTIFICATE_FILE_POLICY
KERBEROS_POLICY
They are different from the 4 policies mentioned inside the shell script startbfa.sh (comment section). Which ones are correct?