Self Service Password Reset is a fast, secure and reliable way for users to reset their own RACF password, removing the need to contact a central helpdesk or security administration team.
In any large enterprise, frequent requests for password resets are a burden on helpdesk and security administration. At the same time, a user needing to request then wait for a resolution can mean frustration and delays in essential work tasks. Self Service Password Reset (SSPR) is a fast, secure and reliable way for users to reset their own RACF password, removing the need to contact a central helpdesk or security administration team.
RSM Partners Solution
Self Service Password Reset (SSPR) is a packaged, documented and fully supported solution to a common IT problem.
No additional workstation software is required
All password resets are audit logged and can be alerted
Master password and memorable words are encrypted and stored within RACF profile
Standard SMP/E installation
User needing to reset a password securely connects to Self Service Password Reset (SSPR) from a standard web browser
A panel then presents three options: Reset Password; Set Master Password; Set Memorable Words
Master settings and password resets can optionally be replicated across multiple RACF databases
SSPR is very safe. In order to reset their RACF password, users must be able to supply up to four unique words or phrases only known to them personally. The words or phrases can be up to 32 characters.
SSPR only requires a standard web browser. It can therefore not only be used from normal workstations and laptops, but also from tablet devices and even smart phones.
A generic RACF resource protects SSPR access. Only user groups with READ access to this resource are permitted to reset their own passwords.
The master password, memorable words and hints are saved in the RACF database.
Yes. The master password and memorable words are saved as SHA-256 encrypted strings.
No one. The master password and memorable words are saved encrypted and are never decrypted by the software. Therefore, not even diagnostic materials such as dumps or traces will contain the passwords in clear.
No. Users can define their own questions to remind them of their memorable words. This makes it far more secure than fixed questions such as mothers maiden name which may become known to others over time.
Yes. Users can define their own questions or hints to remind them of their memorable words. This makes it far more secure than fixed questions such as mothers maiden name which may become known to others over time.
Yes. The hint can be displayed by hovering the cursor over the hint icon.
Yes. A generic RACF resource protects SSPR access. Only user groups with READ access to this resource are permitted to reset their own passwords. Setting a UACC of READ to this resource effectively enables SSPR for all users.
This is configurable. Where a user has the same userid in multiple RACF databases, their password change can optionally be replicated across all databases, subject to the necessary security permissions for that user being in place.
This is not currently supported.
All SSPR activity is recorded in an Audit log that can be viewed online by authorized personnel or downloaded to a CSV file. Audit log records can also be written to SMF.
The audit log is stored in a VSAM KSDS.
Yes. All details of SSPR requests, assignments and releases can optionally be written to SMF.
Not today. SSPR currently supports RACF only.
Yes. The replication capabilities of SSPR can co-exist with RRSF, with SSPR providing the replication to any RACF databases outside the range of RRSF.
The user will be given the hints they defined to remind them of their master password and memorable words, but if they still cannot remember, they must revert to whatever helpdesk based process is available to reset their RACF password. Once this has been done, they can redefine their master password and memorable words.
SSPR is still relevant as many enterprise wide solutions do not support the mainframe and RACF.
The only reason RSM decided to develop SSPR is to address the significant problems we regularly encounter with these so called' enterprise solutions. In assistingourclients attempt toimplement such solutions, we invariablyencounter significantproblems with the mainframe interface.From a mainframe perspective we find these solutions are not fully secure, notauditable and not truly self-service. SSPR is developed to provide an easilyimplementable solution for the mainframe that is secure, fullyauditable and truly self-service.
To request a download of this software or to raise a question, please complete the following details: