On Wednesday, 09/26/2007 at 03:42 EDT, Bill Munson <[EMAIL PROTECTED]> wrote:

> Lionel,
>
> If RACF is broken and you are still IPL'd off of the CP Module with RACF
> in it then the only 2 users you can log on to are RACFVM and/or
> RACMAINT. Unless RACF for VM has changed in the last few years.
>
> I would suggest Dave Jones's idea of keeping a NON-RACF CP module
> available to IPL from.
While tempting, this creates an inherently unauditable system, with nothing to stop you from running the guests. But if you choose such a configuration, do it in a way that doesn't violate security policies.

Wishful thinking follows...

I have AUTOLOG1 issue a DIAG A0 to find out if the ESM is installed. If so, start RACFVM. If not,

  CP MSGNOH OPERATOR **** WARNING : RUNNING WITHOUT RACF.
  **** NOT FOR PRODUCTION USE.
  **** NETWORKING IS DISABLED. ALL SERVERS DISABLED.
  **** DO NOT ATTEMPT TO ADJUST THE HORIZONTAL HOLD.
  **** WE HAVE ASSUMED CONTROL....

And, natch, my PROFILE GCS in RSCS and my :exit. in SYSTEM DTCPARMS for TCPIP would run a DIAG A0 program to look for the ESM, failing to start if not present.

And, as Evil Overlord (who is properly paranoid), I modify OPERATOR PROFILE EXEC to issue the same DIAG A0 query and to issue a msg and LOGOFF if RACF isn't active. Bwahahahaaaaaaa!!

Not bulletproof, of course, but sufficiently difficult that you have to remove the restraints in order to point the gun at the glass. That provides, IMO, sufficient evidence of intent that I am happy, as Evil Ove-- sorry, I mean "sysprog", to not be blamed if Operations switches to Manual Override and takes over.

Hmm....maybe one should be able to select the System Identifier based on the name of the IPLed module, not just CPU id...

Alan Altmark
z/VM Development
IBM Endicott
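As an added illustration of the gating pattern Alan describes (this is not his code, nor IBM's), here is a single hypothetical ESMGATE EXEC that AUTOLOG1, a server's startup exec and OPERATOR's PROFILE EXEC could all call with a role argument. The CP commands used (XAUTOLOG, MSGNOH, LOGOFF) are real; the DIAGNOSE X'A0' subcode, the argument format handed to the REXX DIAGRC function, and the "RC 0 means an ESM is present" interpretation are assumptions to be checked against the CP Programming Services manual for your release before relying on them.

```rexx
/* ESMGATE EXEC -- hypothetical example, not code from the original post.  */
/* Usage:  ESMGATE AUTOLOG1 | SERVER | OPERATOR                            */
/*   AUTOLOG1 : start RACFVM if an ESM is present, else warn the operator  */
/*   SERVER   : return 0 if an ESM is present, 4 otherwise (caller aborts) */
/*   OPERATOR : if no ESM, tell the console why and LOGOFF                 */
/* ASSUMPTION: DIAGNOSE X'A0' subcode and RC semantics below are placeholders. */

address command
parse upper arg role .

present = esm_present()

select
   when role = 'AUTOLOG1' then do
      if present then do
         'CP XAUTOLOG RACFVM'              /* bring up the ESM server first */
         if rc <> 0 then do
            'CP MSGNOH OPERATOR **** XAUTOLOG RACFVM FAILED, RC='rc
            exit 8
         end
      end
      else call warn_operator
   end
   when role = 'SERVER' then do            /* RSCS / TCPIP startup hook   */
      if \present then do
         'CP MSGNOH OPERATOR **** ESM NOT ACTIVE; SERVER START REFUSED.'
         exit 4                            /* caller treats nonzero as "do not start" */
      end
   end
   when role = 'OPERATOR' then do          /* OPERATOR PROFILE EXEC hook  */
      if \present then do
         say '**** RACF is not active on this IPL. Logging off.'
         'CP LOGOFF'
      end
   end
   otherwise do
      say 'ESMGATE: unknown role "'role'"'
      exit 12
   end
end
exit 0

/* Ask CP whether an external security manager is installed.              */
/* ASSUMPTION: subcode X'04' is passed as the DIAGNOSE argument and a      */
/* return code of 0 means an ESM answered; anything else means no ESM.     */
esm_present: procedure
   result = diagrc(a0, '0004'x)
   parse var result esmrc .
   return (esmrc = 0)

/* The warning Alan sends when running off a non-ESM CP module.            */
warn_operator: procedure
   'CP MSGNOH OPERATOR **** WARNING : RUNNING WITHOUT RACF.'
   'CP MSGNOH OPERATOR **** NOT FOR PRODUCTION USE.'
   'CP MSGNOH OPERATOR **** NETWORKING IS DISABLED. ALL SERVERS DISABLED.'
   'CP MSGNOH OPERATOR **** DO NOT ATTEMPT TO ADJUST THE HORIZONTAL HOLD.'
   'CP MSGNOH OPERATOR **** WE HAVE ASSUMED CONTROL....'
   return
```

The point of a single exec is that the check lives in one place, so a change to the DIAGNOSE interface or to the policy (for example, also refusing to start when RACFVM is present but RACF is in a failsoft state) is made once rather than in AUTOLOG1, each server profile and OPERATOR separately. Whoever wants to run without the ESM then has to edit ESMGATE EXEC itself, which is exactly the visible act of intent the post is after.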