Shmuel Metz wrote: >Regardless of why it is coded that way, the code is in >the C/I and the error message comes from the C/I.
Yes, and in-stream data is an intrinsic feature of the Job Control Language (JCL). It says so right here, among other places: https://www.ibm.com/support/knowledgecenter/zosbasics/com.ibm.zos.zjcl/zjclt_exercise_crtNsubmitjob.htm Frank Swarbrick wrote: >On a separate line, are you saying is it possible for z/OS to use >a non-z/OS LDAP server for authentication (and authorization?), >including user IDs and passwords? "z/OS" is a big, grand place, so yes is the answer. For example, that's exactly what the z/OS Container Extensions do(es) if you simply turn on its LDAP feature. Naturally you do that from the z/OS Management Facility. >But this would that still require TSO and CICS (and IMS? and others?) >signon processes to be able to handle those user IDs? OK, now you're naming names (specific subsystems), and then "it depends." Let's pick CICS as an example. If you want to authenticate and authorize a user against a LDAP server (highly preferably the one on z/OS) for purposes of executing a CICS transaction, then one way to do that is to have a CICS Liberty region on the front side handling the job. CICS Liberty can definitely authenticate and authorize based on LDAP's guidance (with ID mapping), and there's some pretty good documentation explaining how to do that. TSO/E is "classic," and thus it understands up to 8 character maximum user IDs (up from 7 previously). However, as I sketched out, the end user need not necessarily know that. It'd be wonderful if somebody creates a TSO/E sign on screen analogous to z/VSE's that accepts a long user ID and passphrase which is then checked against LDAP on z/OS to decide whether to log the user on. LDAP on z/OS would then supply the mapped short name, without the user's active involvement. >What I would love to see is some sort of "single signon" option, >where a user would only need to sign on to their personal workstation >and not need to explicitly sign on to z/OS at all. There are many products that do that, including from IBM. - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: sipp...@sg.ibm.com ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN