I'm attempting to enable ATTLS on my z/OS 1.12 and 1.9 systems for the purpose of running secured NJE. I have installed the z/OS Configuration Assistant to create the appropriate policies, created certificates on both systems and placed them into the appropriate rings, and added the TCPCONFIG TTLS statement.
According to a SHARE presentation I then had to run some further RACF commands using TCPIP.SEZAINST(EZARACF) as the starting point. It seems to me that the order of statements in the job is strange (i.e. when doing the INITSTACK stuff it refers to users defined further down in the job stream). Also, I get the messages (below) from the EZARACF job. As far as I can tell the ADDUSER syntax is correct so I'm not sure why it's complaining. Also, I assume the REFRESH of RACLIST(SECLABEL) is failing because I've forgotten to do something with SYSHIGH.

Has anyone gone through this process? If so, did you have a cheat sheet? The SHARE presentation is good but it does state that it's skipped over some steps for the sake of keeping the presentation within its time allocation.

ADDUSER NAMED DFLTGRP(OMVSGRP) OMVS(UID(0) HOME('/')) SECLABEL(SYSHIGH) NOPASSWORD
IKJ56702I INVALID USERID, NAMED
IKJ56701I MISSING OMVS UID+
IKJ56701I MISSING OMVS USER ID (UID), 1-10 NUMERIC DIGITS
READY
PERMIT SYSHIGH CLASS(SECLABEL) ID(NAMED) ACC(READ)
READY
RDEFINE STARTED NAMED.* STDATA(USER(NAMED))
ICH10102I NAMED.* ALREADY DEFINED TO CLASS STARTED.
READY
SETROPTS RACLIST(STARTED) REFRESH
READY
SETROPTS GENERIC(STARTED) REFRESH
READY
SETROPTS RACLIST(SECLABEL) REFRESH
ICH14041I RACLIST REFRESH of class SECLABEL ignored. The class is not active yet.