> -----Original Message----- > From: IBM Mainframe Discussion List > [mailto:ibm-m...@bama.ua.edu] On Behalf Of Rob Scott > Sent: Friday, April 16, 2010 8:59 AM > To: IBM-MAIN@bama.ua.edu > Subject: Re: Internal (program) start of an STC - MGCRE vs. ASCRE > > John > > Yeah RACROUTE VERIFY(X) is the fella - see the RACROUTE > manual for more info - not exactly a "for dummies" book though :-) > > Obviously with a multi-user address space you would need to > wrap somnething like a task-level RESMGR around each TCB that > is created for the user "signon". If there is no > z/OS-supplied cleanup of ACEE, then your RESMGR could perform > the VERIFYX ENVIR=DELETE - in fact this is probably a good > idea anyway. > Another job for the RESMGR could be to cut a "sign-off" SMF > record (and you could cut a "sign-on" when you perform the > VERIFYX ENVIR=CREATE).
Really getting complicated! > > If you go down the "START" command route and your method of > assigning ownership to the created address space is a > parameter on the START command - what is to stop any bozo who > has opercmd authority from spoofing a userid on to one of > your address spaces ? Not a parm on the START command. The "listener" will establish a TCP connection to the "client". After it does the START, the "listener" would do a GIVESOCKET. The started task would then do a TAKESOCKET. The desktop "client" would then send the RACF id / password over the socket. The started task would then use BPX1SEC or IRRSIA00 to "logon" using the supplied userid/password. If this works (good user/password), the STC sends a message to the "client" that the connection is complete. The "client" on the desktop then "daemonizes" itself to detach from the shell, retaining the socket to the STC. This "daemon" is then used as a "relay" for other commands in order to talk to the z/OS STC. But, now that I think about what happens in CICS, if I don't do the equivalent of a ENVIR=DELETE before terminating the STC, I won't get the RACF SMF record that I would like. <rats/> > > There is something that makes me uneasy about an address > space that spawns other address spaces in the fashion that > you describe - maybe I am concerned about ASVT slot shortages > if the spawn process gets into trouble or any x-memory coding > errors that could mark these ASIDs as non-reusable. The started task(s) involved do not use x-memory coding. They don't talk to each other after the START is done at all. They are totally independant. And they would be subject to a z/OS CANCEL command. > > Rob Scott -- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * (817)-961-6183 cell john.mck...@healthmarkets.com * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html