This is the standard operating procedure for RACF password resets. Customer-specific information is displayed in a brown font for quick reference. The entire workflow and related information are also provided to help ensure that the whole process is understood.
- January 5, 2010, changed SLA to recommend the new Self Service Request Procedure as the primary means for password resets.
- March 21, 2007, changed SLA Standard Response Times after conferring with FO/AOs at their 3/21 meeting.
- February 2, 2007, simplified and clarified language
Self Service Request Procedure
1. Customer: Go to the Production MVS web page at http://ProdMVS.ITS.hawaii.Edu/ and click on the "Reset your RACF password" link.
This will bring up the Password Reset page.
2. Customer: On the Password Reset page, enter your RACF ID in the appropriate field. If you were issued a security token, enter the number currently displayed on it. If you were not issued a security token, ignore that field.
Click the submit button and you should get a page confirming your request.
3. Customer: You should receive an e-mail with instructions like this:
If you want to have your password changed, click on the link or cut and paste the link into your web browser.
4. Customer: Your new temporary password will be displayed on the web page.
Use that password to LOGON. You will be forced to change your password at that time.
Service Level Agreement (SLA)
Please note: this SLA and the process outlined below apply only when a person is not able to successfully use the Self Service Request Procedure described above. The Self Service Request Procedure is now the preferred method for password resets.
- Response time: targeted maximum of next business day turnaround for standard requests.
- Business hours: Monday through Friday, 8:00 AM to 10:00 PM, except State holidays.
- Emergency requests: provisions have been made for emergency requests outside of business hours and for rush requests during business hours. Emergency requests should only be used when immediate access to the system is essential for operational processing. Please plan ahead and check to see if your password is working during normal business hours. This is far more efficient than paging staff that are currently not on duty, away for meetings, etc. Note that escalation is not currently supported during State holidays.
- Security: an authorization and verification protocol using @hawaii.edu email has been established to assure customers that the new practices are secure and resistant to social engineering.
- Confirmation email: A confirmation email will be sent to the customer and to the racf-reset email account containing:
  - temporary password
  - instructions on how to contact racf-reset administrators during normal business hours and ITOC after normal business hours, in the event that there are questions
  - password rules or a link to them
- Restrictions: All email correspondence *must* be from and to the customer's @hawaii.edu email address. Use of any other email address may result in substantial delays because we will *not* send sensitive information to any address other than the appropriate @hawaii.edu email address. This is required in order to protect our customers from spoofing. It is very easy, for example, to create a Gmail account and spoof a person's identity.
- Customer: owner of a RACF account
- ID Manager: ITS staff providing RACF account resets. ITS System Services APC staff, System Administrators and select DLUS User Services staff are available for this role.
- ITOC: ITS staff providing after hours support for escalation. Note that ITOC staff currently do not provide initial support, only escalation support.
- Passwords must conform to specifications defined in UH Executive Policy E2.210.
- General guidelines:
  - must be 6 to 8 characters in length
  - must begin with an alphabetic character
  - must not match an existing RACF UserID or GroupName
  - of the special characters, only the "national" characters ($, @, #) are allowed
- Additional password rules:
  - passwords expire every 254 days
  - the last 7 passwords are remembered and may not be re-used
- Note: system generated passwords are 7 characters long
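The rules above can be checked before a new password is submitted. The following is an added example, not part of the original procedure or of RACF itself: the function name, the sample names and the sample history are constructed, and it assumes that letters and digits are the other permitted characters and that comparisons ignore case.

```python
import re

# Letters, digits and the three "national" characters. That letters and
# digits are the other permitted characters is an assumption of this example.
ALLOWED = re.compile(r"[A-Za-z0-9$@#]+")
HISTORY_DEPTH = 7  # "the last 7 passwords are remembered"

# Constructed sample data, not real account names or passwords.
SAMPLE_NAMES = ["FISCAL1", "PAYROLL"]
SAMPLE_HISTORY = ["Old$00%d" % i for i in range(1, 9)]  # oldest first


def check_password(candidate, racf_names, previous_passwords):
    """Return the list of rules the candidate breaks (empty means acceptable).

    racf_names: existing RACF UserIDs and GroupNames.
    previous_passwords: earlier passwords, most recent last. A real system
    compares stored hashes; plain strings keep the example short.
    """
    problems = []
    if not 6 <= len(candidate) <= 8:
        problems.append("length must be 6 to 8 characters")
    first = candidate[:1]
    if not (first.isascii() and first.isalpha()):
        problems.append("must begin with an alphabetic character")
    if not ALLOWED.fullmatch(candidate):
        problems.append("only letters, digits and $ @ # are allowed")
    # Case-insensitive comparison is an assumption of this example.
    folded = candidate.upper()
    if folded in {name.upper() for name in racf_names}:
        problems.append("must not match a RACF UserID or GroupName")
    recent = previous_passwords[-HISTORY_DEPTH:]
    if folded in {old.upper() for old in recent}:
        problems.append("matches one of the last 7 passwords")
    return problems


if __name__ == "__main__":
    for pw in ["Spr1ng#9", "payroll", "Old$008", "Old$001", "9lives!"]:
        print(pw, check_password(pw, SAMPLE_NAMES, SAMPLE_HISTORY) or "ok")
```
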
Standard Request Procedure
- Customer: Send an email via an @hawaii.edu email account to firstname.lastname@example.org. Email must include:
  - RACF ID to be reset. Note that the sender's email address and RACF ID must both be assigned to the same person in order for the request to be considered authenticated. If it is not possible to authenticate via this mechanism, the customer will have to contact Fiscal Services.
  - Phone number in case the ID Manager needs to follow up.
- ID Manager: respond to racf-reset list confirming that the request has been picked up.
  - APC to pick up the request within 8 business hours; if this does not happen,
  - User Services to pick up after 8 business hours have passed.
- ID Manager: Authenticate that the UH Username and RACF ID match
  - If authentication fails
    - email the Customer a recommendation to contact Fiscal Services and take no further action.
    - inform racf-reset list that the request could not be completed and was referred to Fiscal Services.
- ID Manager: Reset (create new temporary) password and email the customer the temporary password
  - Note that passwords are *not* shared via phone in order to prevent social engineering compromises.
  - Also note that the RACF ID and the new password should not be sent together in the same mail.
- ID Manager: respond to racf-reset list confirming that the request has been completed.
- Customer: as soon as possible, obtain and reset temporary password
  - Temporary passwords may only be used one time.
  - In the event of technical difficulty, email racf-reset for assistance.
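The authentication step of the Standard Request Procedure, sketched as an added example that is not part of the original procedure or of any ITS tool. The directory contents, function name and return strings are constructed, and the example assumes that the mail system has already verified the From address and that only the exact domain hawaii.edu (no subdomains) is accepted.

```python
from email.utils import parseaddr

REQUIRED_DOMAIN = "hawaii.edu"
RESET = "reset"
REFER = "refer to Fiscal Services"

# Constructed directory: UH Username -> RACF IDs assigned to that person.
DIRECTORY = {"jdoe": {"FS01234"}, "kalani": {"FS05678"}}


def triage_request(from_header, racf_id, directory=DIRECTORY):
    """Decide whether a reset request is authenticated.

    The request passes only if the sender address is in the required domain
    and the requested RACF ID is assigned to that same sender.
    """
    # parseaddr separates the display name from the real address, so a
    # display name that merely looks like an @hawaii.edu address is ignored.
    _display, address = parseaddr(from_header)
    local, sep, domain = address.rpartition("@")
    # Compare the whole domain; a suffix or substring test would accept
    # look-alikes such as hawaii.edu.example.org.
    if not sep or domain.lower() != REQUIRED_DOMAIN:
        return REFER
    owned = directory.get(local.lower(), set())
    if racf_id.upper() not in owned:
        return REFER
    return RESET


if __name__ == "__main__":
    samples = [  # constructed requests
        ("J. Doe <jdoe@hawaii.edu>", "FS01234"),
        ('"jdoe@hawaii.edu" <jdoe@gmail.com>', "FS01234"),
        ("jdoe@hawaii.edu.example.org", "FS01234"),
        ("kalani@hawaii.edu", "FS01234"),
    ]
    for sender, rid in samples:
        print(sender, rid, "->", triage_request(sender, rid))
```
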
Emergency Request Procedure
- Customer: First, follows the Standard Request Procedure above so that the request is placed in the queue.
- Customer: Second, calls ITOC at (808) 956-2393 and requests "Emergency Assistance with a RACF Password Reset."
- ITOC: obtains customer information (UH Username, RACF ID, phone number) and logs the request, creating a ticket number.
- ITOC: requests that the customer submit the request using the Standard Request Procedure above if these steps have not already been done, and informs the customer that an ID Manager will be notified of the request.
- ITOC: locates an ID Manager using the Emergency Request Escalation Procedure (http://www.hawaii.edu/its/wiki/x/PSQ) and passes on the customer information and the ticket number of the request.
- ID Manager: responds ASAP (see SLA above), processes the emergency request using the Standard Request Procedure, and closes the request with the ticket number.