On 6/22/2015 3:13 AM, nitz-...@gmx.net wrote:
- ICHALTSP is an interface made available to the owner of the alternate
security product being used on this system, as a means of starting that
alternate security product in the same "window" when RACF is started,
i.e., before started tasks and jobs can start.
FWIW, "ALTSP" does indeed stand for ALTernate Security Product.

Thanks Peter, you've saved me from searching for the string ICHALTSP in all IBM
modules. I figured that this was the mechanism to get CAMASTER up and running,
since a true API *requires* to be in control first to call the API. So CA
(mis)uses this interface/agreement to get themselves a trusted address space
for *all* of their products, not just ACF2 and TSS, which (according to the CA
website) were not even the first exploiters of CAMASTER.

I like banging on CA as much as the next guy, but there is no misuse
here. I first presented about the IKJEFXSR "exploitation", in August of
2012, at the Bit Bucket for SHARE in Anaheim. At that time, there was
no supported interface for CA to start CAMASTER early at IPL time. Now
there is, and they're using it as intended.

Regards,
Tom Conley