Path: utzoo!attcan!uunet!lll-winken!lll-tis!ames!mailrus!tut.cis.ohio-state.edu!rutgers!elbereth.rutgers.edu!hardees.rutgers.edu!patterso
From: patterso@hardees.rutgers.edu (Ross Patterson)
Newsgroups: comp.os.misc
Subject: Re: MVS question
Message-ID: 
Date: 12 Jul 88 03:10:48 GMT
References: <502@etive.ed.ac.uk>
Organization: Rutgers Univ., New Brunswick, N.J.
Lines: 23

(a) The bit is there, but undocumented in User manuals. Look in one of
the System Programming Library (SPL) books (SPL: Data Management
probably, otherwise SPL: Job Management).

(b) JSCBPASS is a relic, but it still does what it says. Fortunately,
not even IBM regards OS Password Protection as data security anymore.
What JSCBPASS does is let all programs running under that Job Step
open Password Protected datasets (marked with the PROTECT bit in the
Format 1 DSCB (DS1PROT?)) without requiring either the operator or the
TSO user to supply the password, which may be found in clear text in a
file called PASSWORD on the sysres disk. Like I said, real bloody
secure. [As an aside to the non-MVS folks out there, the JSCB (Job
Step Control Block) exists in protected storage, and to alter it (such
as turning on the JSCBPASS bit) one must first be an authorized
program (such authorization is under installation control). 

(c) Something else. Other than as an excersize in early 1960's, batch
DP data security, what it is is worthless. Your friendly System
Programmers were correct in not reading OPEN to look for an answer.

Ross Patterson
Rutgers University
Center for Computer and Information Services
Sometime MVS Systems Programmer and Historian