Discussion:
HMC Password maintenance for SERVICE account
Mark Pace
2018-07-31 16:22:09 UTC
I've never changed it. The HMC is in a locked room with security controls on
who can access the room. Don't allow the Service user id to be accessed
via a network.
Post by Porowski, Kenneth
How do others handle changing the default password for the HMC SERVICE
account?
Do you just change it and let your CE know the new password?
--
The postings on this site are my own and don’t necessarily represent
Mainline’s positions or opinions

Mark D Pace
Senior Systems Engineer
Mainline Information Systems

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Jesse 1 Robinson
2018-07-31 16:27:13 UTC
When we got our first CMOS boxes in the mid-90s, we decided *not* to change OEM passwords. None of the 'support' accounts are accessible remotely, and the HMCs live behind physical security as high as anything the data center can provide.

The problem with changing the SERVICE password, for example, is that the CE who randomly gets dispatched at oh-dark-thirty to get your business up and running again may well be someone you've never heard of before. How will that person know the password? If it has to be supplied by on-site Operations, then you have an exposure right there. If it has to be supplied by sysprogs, then your business depends on being able to reach the right person who happens to know the current value.

If you're concerned about the wrong person gaining physical access to the HMC, then you have a fundamental problem that a password will not address.

.
.
J.O.Skip Robinson
Southern California Edison Company
Electric Dragon Team Paddler
SHARE MVS Program Co-Manager
323-715-0595 Mobile
626-543-6132 Office ⇐=== NEW
***@sce.com


Porowski, Kenneth
2018-07-31 18:53:31 UTC
How do I set the SERVICE userid to not be accessible via my network?
I've looked through the user settings and don't see anything relevant.

Rob Schramm
2018-07-31 19:07:56 UTC
I am pretty sure you can't log in to service remotely... just like acsadmin.
You must log in to acsadmin and enable/disable remote login.

Rob Schramm
Jesse 1 Robinson
2018-07-31 19:19:24 UTC
You have to log on to the HMC with admin authority. Either userid ACSADMIN or another userid with that authority. Select User Management. Select userid 'SERVICE'. Click Details. You will see this option. Make sure the box is *not* checked.

__ Allow remote access to the console

.
.
J.O.Skip Robinson
Southern California Edison Company
Electric Dragon Team Paddler
SHARE MVS Program Co-Manager
323-715-0595 Mobile
626-543-6132 Office ⇐=== NEW
***@sce.com

