Mirrors my experiences with z/OS. One thing I distinctly remember was when I tried to write JCL to move some datasets. Took me 2 days reading documentation and trying out things. Finally I just gave up. It is not fun when you have noone to help and Google isn't very helpful. If you think Unix tools have no consistency, try JCL and z/OS. Considering how alien JCL is and magic incantations I invoked with it, I'm convinced that there is Cthulhu in the mainframe machine.Still, I'm quite proud I manage to write some JCL which saved us potentially days of manual work.
Other things I remember from that time was that passwords were only 8 characters long and case insensitive. My guess is z/OS is secure only by its obscurity. Though maybe this was just our installation. No idea until today.
skissane|1 year ago
Everybody nowadays uses a security add-on product with z/OS - most commonly IBM’s RACF, although some people use Broadcom (formerly CA)’s ACF2 or TopSecret instead. RACF allows a user to have either a “password” or a “pass phrase” or both or neither. For legacy reasons, a “password” indeed can be max 8 characters case-insensitive, but a “pass phrase” can be up to 100 characters and case-sensitive. And it also supports non-password based authentication mechanisms, including client certificates, smart cards, multi-factor auth, passtickets… some of that stuff is relatively new, but it isn’t all new. The bigger problem is you can offer all these more modern security features, but you can’t force customers to adopt them, especially when that adoption isn’t free (putting aside additional licensing costs for some of these features, there is also the person-time to configure it, test it, roll it out, etc)
jareds|1 year ago