Re: RACF passphrase support

2023-06-14 Thread Chicklon, Thomas
Good point, the original question was how to force users to use phrases instead 
of passwords, which is quite easy.

Potentially much more difficult is making sure all applications that accept an 
ID and PW support a 100 character password field and know what to do with that 
data depending on whether the length entered is 1-8 or 9-100 characters.

TSO requires a change in PARMLIB(IKJTSO00), I believe CICS has a different log 
on trans (CESL vs. CESN), and I believe FTP supported long PWs with no changes. 
You would really need to look at every logon processing application in your 
shop.

Tom Chicklon

From: IBM Mainframe Discussion List  On Behalf Of 
Colin Paice
Sent: Wednesday, June 14, 2023 11:12 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: RACF passphrase support

My logon screen only has space for an 8 char password. See Activating password 
phrase support 
<https://www.ibm.com/docs/en/zos/2.5.0?topic=process-activating-password-phrase-support>
on how to change it.



On Wed, 14 Jun 2023 at 15:30, Chicklon, Thomas
<01fbdb5fcb44-dmarc-requ...@listserv.ua.edu> wrote:

> Probably the easiest would be to remove a user’s password and set a phrase
> for them.
>
> ALU userid NOPASSWORD PHRASE('This user must use a phrase now') EXPIRED
>
> Tom Chicklon
>
> From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf
> Of rpinion865
> Sent: Wednesday, June 14, 2023 9:25 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: RACF passphrase support
>

> If I want to move away from passwords and use passphrases, how do I force
> users to use passphrases, i.e. RACF exit(s)?
>
> Sent with Proton Mail secure email.
>

> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> This e-mail transmission contains information that is confidential and may
> be privileged.   It is intended only for the addressee(s) named above. If
> you receive this e-mail in error, please do not read, copy or disseminate
> it in any manner. If you are not the intended recipient, any disclosure,
> copying, distribution or use of the contents of this information is
> prohibited. Please reply to the message immediately by informing the sender
> that the message was misdirected. After replying, please erase it from your
> computer system. Your assistance in correcting this error is appreciated.

Re: RACF passphrase support

2023-06-14 Thread Chicklon, Thomas
Probably the easiest would be to remove a user’s password and set a phrase for 
them.

ALU userid NOPASSWORD PHRASE('This user must use a phrase now') EXPIRED

Tom Chicklon

From: IBM Mainframe Discussion List  On Behalf Of 
rpinion865
Sent: Wednesday, June 14, 2023 9:25 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: RACF passphrase support

If I want to move away from passwords and use passphrases, how do I force users 
to use passphrases, i.e. RACF exit(s)?

Sent with Proton Mail secure email.





Re: Password reset delegation

2023-05-04 Thread Chicklon, Thomas
I'm not aware of a way for a general user to be able to reset the PW of 
privileged users. Maybe someone else does.

But to reset other non-privileged users, take a look at 
FACILITY(IRR.PASSWORD.RESET)

https://www.ibm.com/docs/en/zos/2.2.0?topic=phrases-delegating-authority-reset-password-any-user


To authorize a general user or group to use the ALTUSER command to resume a 
revoked user or reset a user's password or password phrase (other than for a 
protected user or a user with the SPECIAL, OPERATIONS, AUDITOR, or ROAUDIT 
attribute), define a profile to protect the IRR.PASSWORD.RESET resource in the 
FACILITY class. If you do not define this profile, standard ALTUSER authority 
checking applies when RACF® determines whether the command issuer is 
authorized.

RACF does not log failed access attempts to IRR.PASSWORD.RESET. Rather, these 
attempts are logged as ALTUSER command violations. Successful accesses to 
IRR.PASSWORD.RESET are logged at the installation's discretion.
Tom Chicklon


From: IBM Mainframe Discussion List  On Behalf Of 
Jake Anderson
Sent: Thursday, May 4, 2023 12:59 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Password reset delegation

CAUTION EXTERNAL EMAIL
This message came from outside your organization.
DO NOT open attachments or click on links from unknown senders or unexpected 
emails.

Hello

Cross posted

Is there a RACF profile which can allow a help desk user to reset the
password for the user who has special operations attribute?

I don't want to give help desk person a SPECIAL authority but I want to
give him password reset authority alone

Jake
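
Added example (not part of the original messages, and not IBM's sample code): a REXX exec that sets up the IRR.PASSWORD.RESET delegation described in Tom Chicklon's reply, with auditing of successful use turned on. The group name HELPDESK and the READ access level are assumptions; as the IBM text quoted in the reply says, this delegation does not cover protected users or users with SPECIAL, OPERATIONS, AUDITOR, or ROAUDIT.

```rexx
/* REXX - added example; run under TSO by a RACF administrator.      */
/* HELPDESK is a hypothetical group name; substitute your own.       */

/* UACC(NONE): only IDs on the access list get the delegation.       */
/* AUDIT(SUCCESS(READ)): log successful uses of the profile. Failed  */
/* attempts show up as ALTUSER command violations instead.           */
cmds.1 = "RDEFINE FACILITY IRR.PASSWORD.RESET UACC(NONE)",
         "AUDIT(SUCCESS(READ))"

/* READ is assumed here as the lowest level that allows a reset;     */
/* see the IBM topic linked in the reply for what each level allows. */
cmds.2 = "PERMIT IRR.PASSWORD.RESET CLASS(FACILITY)",
         "ID(HELPDESK) ACCESS(READ)"

/* Needed when the FACILITY class is RACLISTed, so the in-storage    */
/* copy of the profile picks up the change.                          */
cmds.3 = "SETROPTS RACLIST(FACILITY) REFRESH"

/* Show the resulting access list so the change can be reviewed.     */
cmds.4 = "RLIST FACILITY IRR.PASSWORD.RESET AUTHUSER"
cmds.0 = 4

do i = 1 to cmds.0
  say "==>" cmds.i
  address TSO cmds.i
  if rc <> 0 then do
    /* Stop at the first failure, e.g. the profile already exists.   */
    say "Command failed, RC="rc"; stopping."
    exit rc
  end
end
exit 0
```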





Re: Not aging well (know-it-alls)

2023-04-10 Thread Chicklon, Thomas
A voice of reason Allan, thanks for saying what many of us are thinking.

I really miss the days when this was a moderated forum and the NOPOST setting 
would occasionally be used to keep things on track.

More noise than IBM mainframe discussion lately.

Tom Chicklon

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Allan Staller
Sent: Monday, April 10, 2023 12:37 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Not aging well (know-it-alls)


Let's take this debate offline and keep this forum professional.
Argue with whomever you wish, but please do it privately.

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Bill Johnson
Sent: Monday, April 10, 2023 11:33 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Not aging well (know-it-alls)

[CAUTION: This Email is from outside the Organization. Unless you trust the 
sender, Don’t click links or open attachments as it may be a Phishing email, 
which can steal your Information and compromise your Computer.]

No, it’s 100% my political views.


Sent from Yahoo Mail for iPhone


On Monday, April 10, 2023, 12:31 PM, David Spiegel 
<0468385049d1-dmarc-requ...@listserv.ua.edu> wrote:

Hi Bill,
You said: "... and I’ve been threatened by locals who don’t like my political 
views. ..."
Have you ever considered the possibility that your "political views" are not 
the only reason they don't like you? {:}->

Regards,
David

On 2023-04-10 12:25, Bill Johnson wrote:
> I should have clarified my information statement. I don’t put anything 
> important on the internet. Anything that could identify important information 
> that might be used in nefarious ways. I’ve already had numerous emails 
> hacked, numerous credit cards used from hacks, and I’ve been threatened by 
> locals who don’t like my political views.
>
>
> Sent from Yahoo Mail for iPhone
>
>
> On Monday, April 10, 2023, 12:06 PM, Tom Marchant 
> <000a2a8c2020-dmarc-requ...@listserv.ua.edu> wrote:
>
> So much for not putting your information out on the internet.
>

::DISCLAIMER::

The contents of this e-mail and any attachment(s) are confidential and intended 
for the named recipient(s) only. E-mail transmission is not guaranteed to be 
secure or error-free as information could be intercepted, corrupted, lost, 
destroyed, arrive late or incomplete, or may contain viruses in transmission. 
The e mail and its contents (with or without referred errors) shall therefore 
not attach any liability on the originator or HCL or its affiliates. Views or 
opinions, if any, presented in this email are solely those of the author and 
may not necessarily reflect the views or opinions of HCL or its affiliates. Any 
form of reproduction, dissemination, copying, disclosure, modification, 
distribution and / or publication of this message without the prior written 
consent of authorized representative of HCL is strictly prohibited. If you have 
received this email in error please delete it and notify the sender 
immediately. Before opening any email and/or attachments, please check them for 
viruses and other defects.




Re: z/OSMF & TSS

2020-05-22 Thread Chicklon, Thomas
As long as you are relatively current with your TSS maintenance, there are TSS 
versions in CAKOJCL0 of the IBM samples for zOSMF setup that have had the RACF 
commands converted to TSS commands. 

Both what IBM and Broadcom provide are just samples, it still takes a bit of 
massaging for your environment.

Also, if you have zOS 2.4, there is now a Security Configuration Assistant 
delivered with zOSMF. Still a hurdle to get to the point of being able to use 
that, but a great tool once you get there!

Tom Chicklon


-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Carmen Vitullo
Sent: Friday, May 22, 2020 8:38 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: z/OSMF & TSS


Mark, unfortunately I have a new laptop for working at home, my doc is at my 
work PC I cannot get to it. 
searching CA-Top Secret doc you will find 


http://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/security/ca-top-secret-for-z-os/16-0/search.html?q=z%2Fosmf
 

HTH's 


Carmen Vitullo 

- Original Message -

From: "Steely.Mark"  
To: IBM-MAIN@LISTSERV.UA.EDU 
Sent: Thursday, May 21, 2020 5:12:48 PM 
Subject: z/OSMF & TSS 

Does anyone have z/OSMF active using TSS (Top Secret) ? I have been using the 
"Convert z/OS 2.3 member IZUSEC from RACF to TSS commands". 

z/OSMF still has problems activating - I would like to see how other sites have 
setup the ID's IBM requires. 

My main concern is IZUADMIN. The documentation says to set this up as a profile 
but z/OSMF uses that ID as a USER. 

If you prefer you may contact me offline. 

Thank You 

*** Disclaimer *** 
This communication (including all attachments) is solely for the use of the 
person to whom it is addressed and is a confidential AAA communication. If you 
are not the intended recipient, any use, distribution, printing, or copying is 
prohibited. If you received this email in error, please immediately delete it 
and notify the sender. 



Re: Mesh Router

2020-04-03 Thread Chicklon, Thomas
The first question you need to answer for yourself is do you need a router, or 
will the ISP supplied router work for what you want to do.

There have been a few other suggestions for a set up that includes a router.

I have ATT, and use their modem/router/phone/AP device. I just turn off the 
wireless.

One port on the ATT router gets connected to a Ubiquiti Networks UniFi 
Switch 8-Port 150 Watts (about $200)
The other ports on the POE switch then get connected to Ubiquiti Networks Unifi 
802.11ac Dual-Radio PRO Access Point (UAP-AC-PRO-US) (about $140)

You can get as many APs as you need, I have a wide single story ranch style 
home and have probably overdone the install using 3 of the APs on the main 
floor. I have a couple older APs, one is in an open unfinished basement, and I 
may put one in the garage just to be sure my Rachio sprinkler controller and 
WeMo light switches and plugs in the far corner have a bit better signal. Yes, 
definitely overkill. But no dead spots anywhere.

Tom Chicklon

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Steve Beaver
Sent: Friday, April 3, 2020 9:23 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Mesh Router


Does anyone have an opinion on which of the various mesh router extenders to 
purchase?

TIA
Steve 



Re: Job Posting

2020-01-08 Thread Chicklon, Thomas
No one must have told the marketing folks that the fraction 5/3 is five thirds 
and not Fifth Third. 

Tom Chicklon


-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Seymour J Metz
Sent: Wednesday, January 8, 2020 1:08 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Job Posting


There is no 5/3 in the name. If you want to spell out 5/3 in English it's "five 
thirds", not "fifth third".


--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3



From: IBM Mainframe Discussion List  on behalf of 
R.S. 
Sent: Wednesday, January 8, 2020 12:42 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Job Posting

I'm aware it is even more off-topic, so forgive me my curiosity:
What is the meaning of "5/3" in the name?
I think I saw other banking companies with similar numbers in the name.


--
Radoslaw Skorupka
Lodz, Poland







On 2020-01-08 at 15:58, Dave Jousma wrote:
> All, I am advertising a publicly posted job listing at 5/3 Bank in 
> Cincinnati, OH/Grand Rapids, MI.  We are looking to add to our staff a 
> Systems Programmer, with a primary focus on Networking support (VTAM, TCPIP, 
> OSA, etc), amongst other typical systems programmer responsibilities.  If 
> interested, use this link to submit your qualifications.   If you have any 
> questions, respond to me directly, please don’t spam the list.
>
> https://fifththird.wd5.myworkdayjobs.com/en-US/53careers/job/Cincinnati-OH/Lead-Systems-Programmer---z-OS_R7080
>
> Lead Systems Programmer - z/OS
>
> Cincinnati, OH
> Grand Rapids, MI
>
> We connect great people to great opportunities. Are you ready to take the 
> next step? Discover a career in banking at Fifth Third Bank.
> Produce solutions with a team of Mainframe Engineers with opportunity to 
> expand knowledge and experience on technology that is at the core of our 
> business.  The opportunity is based in Cincinnati, Ohio with optional base 
> location in Grand Rapids, Michigan and some work from home opportunity.
>
> GENERAL FUNCTION:
> Oversees and performs maintenance on existing software products. Assists in 
> designing, developing, coding, testing and debugging new software or making 
> enhancements to existing software. Works with technical staff to resolve 
> software problems, coordinate projects and respond to suggestions for 
> improvements and enhancements. Acts as team leader on projects. The position 
> is on the Technical/Professional ladder at level 4 in the Systems Programming 
> discipline.
> Responsible and accountable for risk by openly exchanging ideas and opinions, 
> elevating concerns, and personally following policies and procedures as 
> defined. Accountable for always doing the right thing for customers and 
> colleagues, and ensures that actions and behaviors drive a positive customer 
> experience. While operating within the Bank’s risk appetite, achieves results 
> by consistently identifying, assessing, managing, monitoring, and reporting 
> risks of all types.
>
> ESSENTIAL DUTIES AND RESPONSIBILITIES:
> · Functions as a technical expert in the design, development, 
> modification and debugging of programs, job streams, configurations, and 
> other machine-readable material.
> · Develops project plans, work assignments, target dates and other 
> aspects of assigned projects and communicates this information to senior 
> management and the business unit.
> · Works independently designing and developing new software products 
> or major enhancements to existing software.
> · Plays a key role as a team member or as an individual contributor 
> for projects with varying complexities.
> · Assists with capacity and scalability planning for all 
> network-related systems.
> · Oversees the advanced troubleshooting and problem resolution 
> functions for Business and Infrastructure Application software products.
> · Functions as a lead in partnering with other business units in all 
> activities around mainframe systems application design and implementation.
> · Provides strategic development recommendations to specific system 
> applications areas as it relates to the selection, installation and 
> networking of new software systems.
> · Researches new technologies and recommends process improvement 
> solutions as it relates to the analysis, design and implementation of new 
> applications.
> · 

Re: Job Posting

2020-01-08 Thread Chicklon, Thomas
5/3 is in fact a play on the name of the bank: Fifth Third Bank. As another 
poster pointed out the origins of the name date back many years when the Fifth 
National Bank and Third National Bank merged. It is also used on logos, and is 
the general URL for the bank: www.53.com

Tom Chicklon
Fifth Third Bank

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of R.S.
Sent: Wednesday, January 8, 2020 12:43 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Job Posting


I'm aware it is even more off-topic, so forgive me my curiosity:
What is the meaning of "5/3" in the name?
I think I saw other banking companies with similar numbers in the name.


-- 
Radoslaw Skorupka
Lodz, Poland







On 2020-01-08 at 15:58, Dave Jousma wrote:
> All, I am advertising a publicly posted job listing at 5/3 Bank in 
> Cincinnati, OH/Grand Rapids, MI.  We are looking to add to our staff a 
> Systems Programmer, with a primary focus on Networking support (VTAM, TCPIP, 
> OSA, etc), amongst other typical systems programmer responsibilities.  If 
> interested, use this link to submit your qualifications.   If you have any 
> questions, respond to me directly, please don’t spam the list.
>
> https://fifththird.wd5.myworkdayjobs.com/en-US/53careers/job/Cincinnati-OH/Lead-Systems-Programmer---z-OS_R7080
>
> Lead Systems Programmer - z/OS
>   
> Cincinnati, OH
> Grand Rapids, MI
>
> We connect great people to great opportunities. Are you ready to take the 
> next step? Discover a career in banking at Fifth Third Bank.
> Produce solutions with a team of Mainframe Engineers with opportunity to 
> expand knowledge and experience on technology that is at the core of our 
> business.  The opportunity is based in Cincinnati, Ohio with optional base 
> location in Grand Rapids, Michigan and some work from home opportunity.
>
> GENERAL FUNCTION:
> Oversees and performs maintenance on existing software products. Assists in 
> designing, developing, coding, testing and debugging new software or making 
> enhancements to existing software. Works with technical staff to resolve 
> software problems, coordinate projects and respond to suggestions for 
> improvements and enhancements. Acts as team leader on projects. The position 
> is on the Technical/Professional ladder at level 4 in the Systems Programming 
> discipline.
> Responsible and accountable for risk by openly exchanging ideas and opinions, 
> elevating concerns, and personally following policies and procedures as 
> defined. Accountable for always doing the right thing for customers and 
> colleagues, and ensures that actions and behaviors drive a positive customer 
> experience. While operating within the Bank’s risk appetite, achieves results 
> by consistently identifying, assessing, managing, monitoring, and reporting 
> risks of all types.
>
> ESSENTIAL DUTIES AND RESPONSIBILITIES:
> · Functions as a technical expert in the design, development, 
> modification and debugging of programs, job streams, configurations, and 
> other machine-readable material.
> · Develops project plans, work assignments, target dates and other 
> aspects of assigned projects and communicates this information to senior 
> management and the business unit.
> · Works independently designing and developing new software products 
> or major enhancements to existing software.
> · Plays a key role as a team member or as an individual contributor 
> for projects with varying complexities.
> · Assists with capacity and scalability planning for all 
> network-related systems.
> · Oversees the advanced troubleshooting and problem resolution 
> functions for Business and Infrastructure Application software products.
> · Functions as a lead in partnering with other business units in all 
> activities around mainframe systems application design and implementation.
> · Provides strategic development recommendations to specific system 
> applications areas as it relates to the selection, installation and 
> networking of new software systems.
> · Researches new technologies and recommends process improvement 
> solutions as it relates to the analysis, design and implementation of new 
> applications.
> · Responsible for systems performance and resolution of production 
> incidents, which may require 24x7 coverage.
> · Other duties as required.
>   
> MINIMUM KNOWLEDGE, SKILLS AND ABILITIES REQUIRED:
> · Undergraduate degree or equivalent, with 4-6 years of experience in 
> a mainframe z/OS environment.
> · Working Knowledge of TSO/ISPF, SDSF, JES, IPCS and USS on z/OS.
> · Working knowledge of TCP, UDP, ICMP, and VTAM communications.
> · Working knowledge of TN3270 and FTP communication protocols.
> · Working knowledge of encryption technologies 

Re: SE/HMC driver update duration

2019-12-18 Thread Chicklon, Thomas

> Probably 8-10 hours if I remember right when we made that jump a year or so 
> ago.   We normally allot 5-6 hours of time for IBM
> to complete before our maintenance window, and in this particular case, we 
> almost blew through our window of work because the 
> updates ran so long.  We now schedule a 12 hour window for IBM to do their 
> work just because of this.  My team mate, might
> see this post and offer up a bit more information.

Because we have 3 HMCs that are configured to control all 3 of our CECs, IBM 
suggested we upgrade the HMCs ahead of the CECs.
I don't recall the exact problem, but I do know that after upgrading the first 
CEC, we could no longer control that one using
an HMC that wasn't at driver 36 yet (first CEC upgrade was completed before 
last HMC). So the HMCs were done ahead of time, during the day, non-disruptive 
to anything but the HMC itself. We had no problem accessing pre-Driver 36 HMCs 
with HMCs that had been upgraded to Driver 36 (backward compatible).

Seems the HMC upgrades were started early in the morning, and completed by 
noon. I don't recall the specific times for these upgrades. But this is 
activity that can be done prior to the CEC Driver 36 upgrade.

Our first CEC upgrade to Driver 36 took over 18 hours elapsed. The CE completed 
the upgrade to Driver 36 and was trying to get to a higher bundle level and 
spent a lot of time on the phone with the support center, as well as a break 
for another service call. Long day...

The 2nd and 3rd CEC upgrades to driver 36 were about 9 and 7 hours. We did not 
have the problem getting to the next bundle level with these.

Not sure if the time since last MCLs were applied makes a difference, but we 
had applied MCLs about 6 months before we went to Driver 36, so we were fairly 
current. If you are way behind, maybe this could be a reason for the longer 
estimated time.

Getting to Driver 36 was a non-disruptive process, IBM performed this work 
while all systems were up and running. I guess if your CE wants 2 days, just 
start 2 days before you plan the disruptive POR.

Tom Chicklon 
Fifth Third Bank


_
Dave Jousma
AVP | Manager, Systems Engineering  

Fifth Third Bank  |  1830 East Paris Ave, SE  |  MD RSCB2H  |  Grand Rapids, MI 
49546
616.653.8429  |  fax: 616.653.2717


-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Jake Anderson
Sent: Wednesday, December 18, 2019 3:24 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: SE/HMC driver update duration

Hello

We are updating our HMC/SE driver level. Our CE says the update takes 2 days to 
complete.

I am trying to understand what are the factors which delays or takes time to 
complete the process.

Regards
Jake



Re: Sign on Activity Top Secret

2019-12-12 Thread Chicklon, Thomas
You'll need 2 things...

First, if TSSUTIL only listed violations, you may not be logging INIT events, 
in which case no log on audit data is being produced and thus no tool will be 
able to report what you are looking for. Check out the LOG control options and 
make sure you have INIT set:

* INIT
Logs all job/session initiations and terminations.

Then, use TSSUTIL with report selection criteria such as:

EVENT(INIT) FACILITY(TSO)

Tom Chicklon

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Steely.Mark
Sent: Wednesday, December 11, 2019 6:21 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Sign on Activity Top Secret

Does someone have a program that can be shared - that will list all TSO sign-on?

I know it is SMF 80 record. I can write a program but I don't want to re-invent 
the wheel.

The program can be SAS, EARL, ASM etc
We are z/OS v2.2 and TSS v16. I looked at TSSUTIL but it only listed violations.
CA / Broadcom documentation states: Use a report generator or program to 
produce customized reports based on the credential types used during signon 
activity.
Any help would be appreciated.

Thank You



Re: [EXTERNAL] Fixes from CA

2018-12-18 Thread Chicklon, Thomas
CAUNZIP is a TSO command, and is delivered as a part of CA Common Services. For 
us, it lives in CAW0LINK which is in our LNKLST concatenation.

Tom Chicklon


>>I'm trying to find where I can find CAUNZIP that's described in Carmen's link.



Re: Fixes from CA

2018-12-18 Thread Chicklon, Thomas
CA does provide a process to take the scart0.zip file and get it into a format 
that RECEIVE FROMNTS can use. 

I was fortunate in that I could FTP both the hold data and scart0.zip directly 
to my mainframe. For those who cannot directly FTP from CA, this works rather 
well, you just need to add an intermediate step to FTP the data somewhere that 
you can then send to your mainframe. 

Once the data is where it needs to be, all that is left is to run the TSO 
command CAUNZIP followed by SMPE RECEIVE FROMNTS. This was a good first step...

But kudos to CA for implementing SMPE RECEIVE ORDER. Now, we use the exact same 
process to receive our maintenance from CA that we have long been doing from 
IBM. Single batch job (per global zone) scheduled to run weekly that in a 
single job step receives all hold data and all available maintenance. 

Tom Chicklon

>>Why does CA seem to have a compulsion to be different from everyone else?
>>
>>-- gil



Re: CA-TSS Question

2018-03-06 Thread Chicklon, Thomas
I have downloaded the latest 2811 page document. In the product enhancements 
section, on page 98: 

Data Set Encryption Support (RO97892)

New z/OS DFSMS capabilities for data encryption require key labels when 
allocating encrypted data sets. These labels identify a protected data key in 
the ICSF key repository (CKDS).

A new field (DSKEY) in ACIDs contains the ICSF key label to use for encryption. 
The following keywords are now available for managing keys and labels:

SYMCPACFWRAP (see page 742) makes keys eligible to be rewrapped (protected) by 
CP Assist for Cryptographic Functions (CPACF).

SYMCPACFRET (see page 741) determines whether ICSF can return a key in a 
wrapped (protected) form.

DSKEY (see page 518) specifies the key label that encrypts/decrypts data in the 
ICSF cryptographic key data set (CKDS).

CRITERIA (see page 489) (used with PERMIT) defines criteria to determine a 
user's access to a resource (such as a key label).

Tom Chicklon

-


> Probably need to pull the latest TSS doc and look for changes in there.




Re: CA-TSS Question

2018-03-06 Thread Chicklon, Thomas
These may be of interest:

CA opened a problem: 
https://support.ca.com/us/download-center/problem-detail.html?docid=650097=TSSMVS=9937
And has an enhancement PTF: 
https://support.ca.com/us/download-center/solution-detail.html?docid=650087=OS=RO97892

I've downloaded the PTF, but not much in its hold data to give any hints as to 
how to use it. 

Enhancement Description:  
z/OS DFSMS is providing a simple approach to enable extensive encryption  
of data at rest for data on disk through DFSMS access methods.
Security and Storage Administrators who are required to protect customer  
data can leverage the z Systems hardware encryption for data at rest  
through existing policy management without application changes.   

Probably need to pull the latest TSS doc and look for changes in there.

Tom Chicklon

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Steely.Mark
Sent: Tuesday, March 06, 2018 1:07 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: CA-TSS Question

We are z/OS v2.2 and CA-TSS V16.

Does CA-TSS support the encryption key label in the DFP segment?

This is the sample for RACF.

/*---*/
/* Specify the encryption key label in the DFP segment.  */
/*---*/
ALTDSD 'EYSHA.ICSF.ENCRYPT.ME.*'   +
   DFP(DATAKEY(DATASET.EYSHA.ICSF.ENCRYPT.ME.ENCRKEY.0001))

All my searches came up empty.

Any help would be appreciated.

Thank You



Re: Please Read: Server Certificates Expiring - Soon!

2018-01-16 Thread Chicklon, Thomas
For Top Secret shops, the TSS commands are:

Add to CERTAUTH:
tss add(certauth) digicert(DigiGRCA) +  
dcdsn(cert.certauth.digigrca)+  
lablcert('DigiCert Global Root CA')  +  
trust target(=) 

And for each SMPE user:
tss add(userid) keyring(SMPRing) +  
ringdata(certauth,DigiGRCA)  +  
usage(certauth) target(=)   


Tom Chicklon
Lead Systems Programmer
Information Technology – Mainframe Engineering
Fifth Third Bank
thomas.chick...@53.com

---

Jousma, David wrote:
> WSC has published!  
> http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/FLASH10884

Indeed, and you beat me to it!  Many thanks for Kurt Quackenbush for writing 
it, and Riaz Ahmad for getting it formatted as a Flash and getting it posted to 
the WSC's website.



Re: Fire-call, emergency RACF userid

2017-12-08 Thread Chicklon, Thomas
What are you using for MFA?

CA's relatively new Advanced Authentication Mainframe product will let you map 
a Top Secret user ID to a different ID for RSA authorization. I used this set 
up for initial testing of the product- log on to the mainframe using a test ID 
that is mapped to my real ID's RSA pin and token.

If you can do this, seems you can have a set of fire-call IDs that all map to 
the secret pin and token that are both sitting in the safe. After use, Info Sec 
changes the pin and the new pin and token go back into the safe.

Tom Chicklon

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Mark Jacobs - Listserv
Sent: Thursday, December 07, 2017 3:12 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Fire-call, emergency RACF userid

The way our MFA solution works is that we associate the RACF userid to an 
Active Directory userid, and use our existing RSA SecureID Token infrastructure 
as the second authentication factor. I'm not seeing how I can tie the shared 
userid to a single AD Userid/RSA Token.

Mark Jacobs

> Carmen Vitullo  December 7, 2017 at 2:58 PM
> Hey Mark, the last two places I worked we had fire-call ID's that 
> were 'suspended' (inactive) and after each use (DR) mostly, secadmin 
> would change the password, store the password in an envelope on a lock 
> box in the computer room, this was before MFA, only MFA experience we 
> have is windows, LAN ID's I suspect with MFA, you don't need to 
> suspend the ID, since you'd need a password and a PIN to be valid?
>
> Carmen Vitullo
>
> - Original Message -
>
> From: "Mark Jacobs - Listserv" 
> To: IBM-MAIN@LISTSERV.UA.EDU
> Sent: Thursday, December 7, 2017 1:37:43 PM
> Subject: Fire-call, emergency RACF userid
>
> We have an emergency use userid with its password "locked in a safe", 
> which can be used by authorized people when/if needed. How do other 
> organizations better control something like this? I'm asking since 
> we're implementing MFA for "special" userids, and I don't know how to 
> fit this shared userid into the MFA framework.
> --
>
> Mark Jacobs
> Time Customer Service
> Global Technology Services
>
> The standard you walk past is the standard you accept.
> Lt. Gen. David Morrison
>
>

-- 

Mark Jacobs
Time Customer Service
Global Technology Services

The standard you walk past is the standard you accept.
Lt. Gen. David Morrison




Re: IBM HTTP Server powered by Apache - very erratic responding to modify and stop commands

2017-12-06 Thread Chicklon, Thomas
We run a number of PKI domains, each with their own web server. Had heard a tip 
back when we converted to Apache that if you use 8 character job names for the 
web server STC, a simple stop command against that name works just fine. So, 
all my web servers all have 8 character names and we never have any problems 
getting them to shut down.

Tom Chicklon

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Jantje.
Sent: Wednesday, December 06, 2017 7:30 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: IBM HTTP Server powered by Apache - very erratic responding to modify 
and stop commands

Dear Listers,

I am migrating from Domino Go to IBM HTTP Server powered by Apache. So, I set 
up an STC and can start that very well. I did include the

LoadModule zos_cmds_module modules/mod_zos_cmds.so

directive (well, it was there already in the sample httpd.conf) in order to 
enable the MODIFY and STOP commands.

Now, I find the server to be very erratic in responding to modify and stop 
commands. It is already an automation challenge to find out to what process one 
has to send the commands, but that is not what I am complaining about. Indeed, 
even when I am 100% sure to have addressed the command to the correct process, 
only half of the time it actually reacts to it. And even then, it does not 
always stop. I've seen cases where it responds with:

2017339  13:55:39.45-P HTTPD1,A=005A
2017339  13:55:40.64  STC12796   BPXM023I (WEBADM) IHS is stopping
2017339  13:55:40.65  STC12796   BPXM023I (WEBADM) CRIHS0002I IHS TMMETEST is stopping.

but then just continues to run. In that case, the only way to bring the server 
down is to use the apachectl -k stop from a Unix shell...

Has anyone on the list seen similar behaviour? 
Were you able to fix it?
How?
Am I entitled to a PMR?

Thanks and very best regards,

Jantje.


P.S. I tried my friend Google, with various combinations of the words stop, 
erratic, modify, not stopping, etc. and of course "IBM HTTP Server powerd by 
Apache". All to no avail. A search in the archives of this esteemed list did 
not yield an answer to my questions either.



Re: CICS screen scraping using biztalk

2012-12-07 Thread Chicklon, Thomas
This makes me chuckle on a Friday afternoon... an admonishment to others to 
silently correct an observed misspelling, while carrying forward the 
misspelling in the subject of a not so silent post. :)


Tom Chicklon



I wonder why someone has not changed this thread's caption.

A CICS screen image can be scrapped much more simply than it can be scraped.

These miscaptions greatly impair the usefulness of the archives.  They should 
be corrected silently by the first poster who notes them.  The longer they 
persist the less accessible the thread becomes.




Re: IBM, id's to open pmr's, lot$a $$$$ now involved?...

2012-10-18 Thread Chicklon, Thomas
How about Resource Action. Laid off. Fired. Downsized. Rightsized. All mean 
pretty much the same thing.

Tom Chicklon

---

RA? I suspect resource allocation or thereabouts, but??


 Deep cost cutting and USA staff that has been RA'ed to the max, leaving 
 sketchy support areas overseas with little experience to support customers 
 both external and internal.



Re: Automated Service Delivery Certificate

2012-09-10 Thread Chicklon, Thomas
For your own sanity, set this up in a batch job, instead of executing the 
commands online in TSO. I own security on my TECH sandbox systems, meaning I 
get to replace each SMPE user's certificate once a year. Same process every 
year, they get a new cert and send it to me, I upload, replacing the same PFX 
dataset, then rerun the exact same batch job that I ran for that user the 
previous year... 

I'm too old to try to remember the secret incantation of commands each time I 
have to do this...

Tom Chicklon

---

I complained about the process a few months ago when my cert expired. 
Trouble is, I do this only once a year and forget the steps. 




Re: Automated Service Delivery Certificate

2012-09-07 Thread Chicklon, Thomas
Top Secret seems perfectly happy with 256. Just imported one this morning with 
the following attributes:

Organization  . . . : PS
Record format . . . : VB
Record length . . . : 256   
Block size  . . . . : 27998



-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Mark Jacobs
Sent: Friday, September 07, 2012 1:44 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Automated Service Delivery Certificate

Also when you upload it to zOS for installation into your security package, 
don't believe the FM where it says the certificate can be stored in a data set 
with a minimum lrecl of 256 or larger. RACF won't import it. I've had success 
with a lrecl of 4096, recfm=vb.

Mark Jacobs


On 09/07/12 13:06, Jousma, David wrote:
 Create a new software order, select z/OS Service, and in the pull down, 
 select SERVICE CERTIFICATE.

 _
 Dave Jousma
 Assistant Vice President, Mainframe Services david.jou...@53.com
 1830 East Paris, Grand Rapids, MI  49546 MD RSCB2H p 616.653.8429 f 
 616.653.2717

 -Original Message-
 From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] 
 On Behalf Of Chip Grantham
 Sent: Friday, September 07, 2012 1:02 PM
 To: IBM-MAIN@LISTSERV.UA.EDU
 Subject: Automated Service Delivery Certificate

 Our automated service delivery certificate expired this week and I'm having a 
 deuce of a time attempting to find the link on new ShopzSeries website to get 
 a new one.

 Any clue would be appreciated!

 Chip Grantham  |  Ameritas  |  Sr. IT Consultant | 
 cgrant...@ameritas.com
 5900 O Street, Lincoln NE 68510 | p: 402-467-7382 | c: 402-429-3579 | f:
 402-325-4030






--
Mark Jacobs
Time Customer Service
Tampa, FL


The quiet ones are the ones that change the universe...
The loud ones only take the credit.

Londo Mollari - Babylon 5



Re: exporting certificate with private key in ICSF

2012-08-15 Thread Chicklon, Thomas
Hoping someone can help you Rob, as my attempts to use KEYXFER to transfer 
between systems with different master keys have not been successful. Works just 
fine between systems with the same master keys, of course...

Tom Chicklon

---

I am looking for a method/utility to export a certificate and its associated 
private key between systems.  The kicker is that the private key is stored in 
ICSF... and the master keys are not shared between the originating system and 
the receiving system.  I was going to run KEYXFER to extract the private key, 
plus EXPORTing the certificate .. and then realized that the PKDS MK is not the 
same.


Rob Schramm
Senior Systems Consultant
Imperium Group




Re: Auditors Don't Know Squat!

2012-08-03 Thread Chicklon, Thomas
Allan Staller has put you on the right track - gather information from experts 
on what *is* considered best practices. This will be needed for the management 
response to this finding.

If you can, ask the auditor where this recommendation came from. Who is it that 
claims this is a best practice? Many on this list would agree that it is not. I 
have my suspicions that if anyone has made such a claim, they are not running 
z/OS. It surely can't be a documented practice at your site that you are 
failing to follow.

Lacking any intelligent reply to the above, and if the finding stands, your 
management team will need to formulate their response to it. I have seen 
responses that ended up in a management request that a given auditor not return 
because of his incompetence. This finding rates right up there with the one we 
discussed here a while ago where the auditor wrote a finding for the mainframe 
server not running the corporate standard antivirus product. Both of these 
auditors need to find another line of work, as they are wasting their client's 
time.

Tom Chicklon


 Our auditors (Feds) say we need to apply all new PTFs within 30 days of 
 availability. I'm speechless. Does anyone have the patience to form a cogent 
 argument without laughing, crying, or tying one on?

 I told my boss that if I did that, we'd be about as stable as a Windows PC.


