

Using the ACFLIDGN Utility

The ACFLIDGN utility creates logonids from entries in the VM directory. ACFLIDGN reads the directory and creates a logonid record for each user ID. The utility sets the PSWD‑EXP field in each logonid record it creates, which forces users to change their passwords the first time they log on. This is consistent with the CA ACF2 for z/VM protection‑by‑default philosophy. The following circumstances warrant that the PSWD‑EXP bit field in the logonid record be turned off:

To restrict which VM systems a user can log on to:

If appropriate, turn off the PSWD‑EXP bit field and turn on the bit field specified by the VMCHK option of the OPTS VMO record in all logonid records by using the CMS ACF command as follows:

acf
ACF
set lid
LID
CHANGE LIKE(-) NOPSWD-EXP VM

As soon as ACFLIDGN completes processing, list all logonids using the Selected Logonid Report (ACFRPTSL) to verify that all the necessary logonids are present and correct. For example, ensure that special CA ACF2 for z/VM privileges such as SECURITY, ACCOUNT, AUDIT, LEADER, CONSULT, READALL, and NON‑CNCL are given only to users who need them. If you are not sure what these special privileges are, see the Administrator Guide.

At this point, it might be necessary to use the ACF command to modify logonids. See the Administrator Guide for complete instructions on using the ACF command.