Has anybody had any experience with having a system udc check to see if you are a session or a job, and if you are a session, running (xeq) a cobol program that checks an encrypted ksam file for a user-id and password, thus bypassing mpe security?  Has anyone done that (at a financial institution) and had their auditors say that was ok?  (i.e. run a cobol program to check a file that you can't list the contents of that checks parameters when you are logging on as a session, not a job).  I know this opens an entire can of worms in regards to when the user and password are setup, and how you change it, and the frequency of changing it, reusing the password, etc...

Just curious if anybody has done something like that and the auditors were ok with bypassing mpe user/group/account security that way.

Mike Baker

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *