The RPASSWRD program is used to set or reset REMOTE PASSWORDS. Please refer to Password Administration in Part Three for a more detailed discussion on managing REMOTE PASSWORDS.
How this program is secured depends on the Security Policy and whether or not Safeguard software is in use on the systems.
RISK If a user's remote password is not correct, they will not have access to the remote system.
Without Safeguard software:
If Safeguard software is not in use on the system then the RPASSWRD program is used to change users' REMOTEPASSWORDs. The security of RPASSWRD dictates who can perform this function;
To allow only SUPER.SUPER to change remote passwords for all users, the object files EXECUTE access can be set to "-".
If users can change their own remote passwords, the object files EXECUTE access can be set to "N"
BP-FILE-RPASSWRD-01 RPASSWRD should be secured "- - ? -".
With Safeguard software:
If Safeguard software is installed on the system, REMOTE PASSWORDS should be managed through Safeguard software and only users granted the privilege of managing USER Protection Records will be able to configure or modify REMOTEPASSWORDS.
BP-FILE-RPASSWRD-01 RPASSWRD should be secured "- - - -".
BP-OPSYS-LICENSE-01 RPASSWRD must be LICENSED.
BP-OPSYS-OWNER-01 RPASSWRD should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-01 RPASSWRD must reside in $SYSTEM.SYSnn.
If available, use Safeguard software or a third party object security product to grant access to RPASSWRD only to users who require it in order to perform their jobs.
BP-SAFE-RPASSWRD-01 Add a Safeguard Protection Record granting appropriate access to the RPASSWRD object file.
Who owns the RPASSWRD object file?
Is RPASSWRD licensed?
Who is allowed to change remote passwords on the system?
Is the RPASSWRD object file correctly secured with the Guardian or Safeguard system?