NOPW Still Valid In CA Top Secret r15?

Document ID : KB000049242
Last Modified Date : 14/02/2018

Description:

Is giving an ACID NOPW (for no password) in CA Top Secret r15 no longer applicable?

Solution:

The NOPW password option is still valid in CA Top Secret r15. However, except for the MSCA, setting an ACID's password to NOPW now requires the administrator to have UPDATE access to the entity:

TSSCMD.USER.cmd.NOPW in the CASECAUT resource class,

where 'cmd' is the command being issued (i.e. CREATE, ADDTO, or REPLACE).

So for this case, the following will need to be done:

TSS ADD(dept) CASECAUT(TSSCMD) (if not already done)   
TSS PER(acid) CASECAUT(TSSCMD.USER.cmd.NOPW) ACC(UPDATE)

where 'dept' is the department to own the resource
      'acid' is the administrator doing the TSS CREATE command or an attached profile
      'cmd' is the command (i.e. CREATE, ADDTO, REPLACE)

Specify CASECAUT(TSSCMD.USER.*.NOPW) for the permit to include all commands (CREATE, ADDTO and REPLACE).

NOTE: A potential security concern exists if ACIDs are defined with NOPW and also have UID set to 0 (zero). In certain scenarios, unauthorized access can occur with these ACIDs via TELNET and Rlogin.

We recommend that all started task (STC) ACIDs be given a password and that OPTIONS(4) be set in the TSS parameter file. OPTIONS(4) eliminates the prompt for a password when the STC starts, but anyone who tries to sign on with the STC ACID will need to know the password.