|
|
|
When a user password‑protects a data set, a bit or flag is set on the volume where the data set is kept and the password is entered in the PASSWORD file. If the flag is off, it is assumed that the data set is unprotected, even if a password exists for it in the PASSWORD file.
If the PASSWORD file is out of sync with the volumes, a couple of things can happen.
Sharing disks between multiple CPUs can also cause the PASSWORD file to be out of sync with the volumes. The PASSWORD files must be on the system residence (SYSRES) volume. If two CPUs are used, two PASSWORD files are needed. When the PROTECT command adds a password to a data set, it enters the password only in the PASSWORD file for one system. The data set must also be password‑protected on the other CPU or that system cannot access the data set.
It is possible for someone with the proper knowledge to turn off the password‑protection flag on the volume by using an APF‑authorized copy of the superzap program. However, few (if any) good reasons for doing this exist. You should investigate all mismatches between the PASSWORD file and the volumes that CA Auditor detects to determine if and why password flags are being zapped off.
| Copyright © 2009 CA. All rights reserved. | Tell Technical Publications how we can improve this information |