Hi Charles, Almost 10 years old now, but I've always thought this was an xlnt presentation... https://www.ibm.com/support/pages/system/files/support/swg/swgdocs.nsf/0/2b7dd92c65e0defe85257a2b0057759b/$FILE/Leveraging_ATTLS.pdf
I posted the following about 6mos ago for a similar question. - Use z/OSMF for generation of your initial set of PA config files and inputs, then consider manually tailoring. I opted for this approach under z/OS 2.2, but z/OSMF has undoubtedly improved greatly since then, so maybe you can use z/OSMF exclusively now. - Configure the syslog daemon, and test it to ensure messages are being collected for whatever you're interested in (TCPIP is not a pre-req for syslogd) - Configure PROFILE.TCPIP, you will need to add a TTLS parm to the TCPCONFIG statement - Create the resource profile used to block access to the TCPIP stack during initialization, the name of the resource will be EZB.INITSTACK.%sysname.%tcpprocname (it may be differently named w/ACF2 or TSS) - Create a server keyring and x509 certificate, and then connect the cert to the keyring, and depending on what you're doing you may need to permit access so the keyring and cert can be listed (resources are IRR.DIGTCERT.LISTRING and IRR.DIGTCERT.LIST) - Once you have done the above and are ready to test: Ensure syslogd running Stop the TCPIP AS (there are undoubtedly less invasive ways) Start the TCPIP AS and watch for msg EZZ4248E, after which you should start your PA daemon (eventually you'll want to automate this), the start will probably look something like... /usr/lpp/tcpip/sbin/pagent -l /tmp/pagent.log -c /etc/pagent.conf & - Once started, check out the following for messages... MVS system log Pagent log file Output from the pasearch -t command HTH, Mike -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Charles Mills Sent: Wednesday, March 31, 2021 6:23 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Getting started with Policy Agent and AT-TLS Caution! This message was sent from outside your organization. Can anyone point me to a SHARE or other presentation or similar tutorial on how to get started with Policy Agent and AT-TLS? I'm already aware, of course, of the material in the IP Configuration Guide. Thanks, Charles ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
