jcb@lfcs.ed.ac.uk (Julian Bradfield) (07/10/88)
In MVS, the JSCB has a bit JSCBPASS, whose comment in the macro says `If this bit is on, and a corresponding bit in the DCB is one, OPEN will bypass password protection'. I can't find any corresponding bit in the DCB macro. Does anybody know which is true: (a) the bit is there, but undocumented (b) JSCBPASS is a relic that no longer does anything (c) something else? None of my friendly system programmers know the answer, and none of them want to waste the time looking at OPEN to find out.
patterso@hardees.rutgers.edu (Ross Patterson) (07/12/88)
(a) The bit is there, but undocumented in User manuals. Look in one of the System Programming Library (SPL) books (SPL: Data Management probably, otherwise SPL: Job Management). (b) JSCBPASS is a relic, but it still does what it says. Fortunately, not even IBM regards OS Password Protection as data security anymore. What JSCBPASS does is let all programs running under that Job Step open Password Protected datasets (marked with the PROTECT bit in the Format 1 DSCB (DS1PROT?)) without requiring either the operator or the TSO user to supply the password, which may be found in clear text in a file called PASSWORD on the sysres disk. Like I said, real bloody secure. [As an aside to the non-MVS folks out there, the JSCB (Job Step Control Block) exists in protected storage, and to alter it (such as turning on the JSCBPASS bit) one must first be an authorized program (such authorization is under installation control). (c) Something else. Other than as an excersize in early 1960's, batch DP data security, what it is is worthless. Your friendly System Programmers were correct in not reading OPEN to look for an answer. Ross Patterson Rutgers University Center for Computer and Information Services Sometime MVS Systems Programmer and Historian