To make sure only privileged users could install it. Once installed, it requires either the RACF SPECIAL or AUDITOR attribute to execute, again to help make sure that only appropriate personnel can use it.
No, not as currently coded. Some functions simply wouldn't apply in a TSS shop, such as the "Unmask function". It could also be argued that an authorized program in the TSS environment doesn't need to use cracking techniques since the PWVIEW function might be manipulated to simply retrieve clear passwords. (Yes, even if PWVIEW(NO) has been specified).
Yes! There is now a commercial version of PWCHECK-PRO available for ACF2.
Well, we figured it was enough just to let you know it could be done and one of our "rules" for a well-designed system is that no one should ever need to learn another person's password, even administrators.
We can understand, though, how some people might find it more convincing to display the passwords, so we do offer PWCHECK-PRO.
Good idea! We now provide a functioning example "New Password" exit (ICHPWX01) that does just that. You can implement it as is or incorporate it with your existing exit. Or modify it as you like. Source code is provided when you purchase PWCHECK or PWCHECK-PRO.
The short answer is "No". PWCHECK queries the active RACF database. If you had a test system where the backup database was active, you could run it there.
No. The tool basically just does one READ of the RACF database for each user whose password will be tested. All the encryption of guesses to be checked is done "in-line" in the PWCHECK program so that no further access to the RACF database is needed.
Copyright © Goldis Consulting Services. All rights reserved.