IBM OS/390 Run-Time Library Services, Password History Enhancements

The getUMAP and getGMAP services also look for default values. If getUMAP is

given a UID as input and the corresponding USER profile has no OMVS segment,

the caller of the getUMAP service receives the default. If no default value is found,

RACF return code 8, reason code 4 are returned by the getUMAP service. If a UID

is passed to getUMAP, then it returns a user ID, which is likely to return the user ID

of the default user.

Similarly, if getGMAP is given a GID as input and the corresponding GROUP profile

has no OMVS segment, the caller of the getGMAP service receives the default. If

no default value is found, RACF return code 8, reason code 4 are returned by the

getGMAP service. If a GID is passed to getGMAP, it returns a group name, which

is likely to return the group name of the default group.

The default OMVS segments reside in a USER profile and a GROUP profile. The

installation selects the names of these profiles, using a profile in the FACILITY

class. The name of the FACILITY class profile is BPX.DEFAULT.USER. The

application data field contains the user ID and the group name. The user profile for

the user ID specified contains the UID, and the group profile for the group name

specified contains the GID.

In order to use this default USER/GROUP support, the following need to be done:

Make the FACILITY class active.

Define BPX.DEFAULT.USER with APPLDATA('

uuuu/gggg

') where

uuuu

specifies a default user ID of 1-8 characters and

gggg

specifies a default group

name of 1-8 characters. The USER profile

uuuu

needs to have an OMVS

segment with the default UID, HOME, and PROGRAM. The GROUP profile

gggg

needs to have an OMVS segment giving the default GID.

If only default user information is needed, use APPLDATA ('

uuuu

').

The processing of the default OMVS segments for the user and the current

connection group are independent of each other. The OMVS segment of the user

specified on the initUSP may be used to obtain the UID, and the user may come

from the group ID specified in the FACILITY class profile. Similarly, when the

default UID found through the user ID specified in the FACILITY class profile is

used, the GID may come from the user's current connect group. Also the user

specified in the FACILITY class profile does not need to be a member of the group

specified in that profile. These values are used independently.

Run-Time Library Services

The Run-Time Library Services (RTLS) of OS/390 introduce new contents

supervisor support to facilitate the binding of applications to a specific language

run-time environment defined on an installation basis. System programmers can

use FACILITY class profiles and RACF's program control when there is a need to

control access to run-time libraries and the programs that use the run-time libraries.

Password History Enhancements

The password history enhancement makes it easier for installations to prevent end

users from circumventing password history security policy. The old password is

saved in the password history list when a password is reset by an administrator.

The following commands have been modified to save the old password whenever

the password is reset:

Chapter 2. Release Overview 7