Thanks to all. After receiving all reply from experts and from manual now
my understanding is,
I should use SSL 992 port and with self signed certificate to enable SSL on
tso. Please correct me , if I am going in wrong direction.
Also please help me to find difference in tn3270 and tn3270e and wh
SMP/E doesn't have an object type called JOB or JCL.
SRC didn't find anthing.
Gadi
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Itschak Mugzach
Sent: Wednesday, November 23, 2016 9:17 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: IZU
Gadi.
Ask smp. If there a job with this name, smp kow it.
Itschak
בתאריך 23 בנוב 2016 09:14, "גדי בן אבי" כתב:
> I looked in SIZUJCL.
> It's not there :-(
> Gadi
>
> -Original Message-
> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
> Behalf Of Elardus Engelb
I looked in SIZUJCL.
It's not there :-(
Gadi
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Elardus Engelbrecht
Sent: Wednesday, November 23, 2016 8:57 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: IZUSEC job
GADI wrote:
>I am trying
Tony Thigpen wrote:
>Once a week, HSM performs an AUTOBACKUP. Until about 3 months ago, if nobody
>was at the shop, HSM would ask for an exiting tape, wait 10 minutes, and if no
>tape was mounted, it would ask "Can tape be mounted?". If our remote operator
>replied 'N', then HSM would us a scra
GADI wrote:
>I am trying to configure z/OSMF for the first time.
Good luck. This is a horrible, but managable task. Easier thatn OMEGAMON of
course... ;-)
>I can't find the IZUSEC job that created the security definitions for z/OSMF.
IBM should have given you a copy of dataset IZU.SIZUJCL whi
Tony Thigpen wrote:
>> 1) System programmers had two logons. One "normal" and one "higher". The
>> "normal" userid still had some privileged access, but nothing like the
>> "higher" userid which had basically unlimited access.
>> 2) Additional audit trails were created for the "higher" userid. B
Hi,
I am trying to configure z/OSMF for the first time.
I can’t find the IZUSEC job that created the security definitions for z/OSMF.
z/OSMF was installed as part of z/OS using ServerPac.
z/OS and z/OSMF are v2.1
Gadi
לתשומת ליבך, בהתאם לנהלי חברת מלם מערכות בע"מ ו/או כל חברת בת ו/או חברה קשורה
Been thinking various way to explore/list the datasets which somehow (obviously
security/racf in place however considering unexpected situation) how to list
the entries from master catalog which do not have alias defined/relate to user
catalog ...so basically directly connected in master catalog
So some basic questions
1) What version of z/OS?
2) If you do a F dfhsmtaskname,Q SETSYS does it show the same info as the
ARCCMDxx member?
3) What is the specific messages you are seeing during autobackup?
Lizette
> -Original Message-
> From: IBM Mainframe Discussion List
Or has had their data center blown up-vault and all! Can you say 'single
point of failure'?
In a message dated 11/22/2016 7:51:28 P.M. Central Standard Time,
0041d919e708-dmarc-requ...@listserv.ua.edu writes:
Not just from some manager who doesn't know Mainframes, but some manager
th
Not just from some manager who doesn't know Mainframes, but some manager
that has never had the responsibility of operating a real computer
system for production purposes, especially in an Enterprise size data
center.
/Tom kern
On 11/22/2016 13:43, william janulin wrote:
Sounds like the bra
HSM is not my ballgame, but I am tasked with figuring out this puzzle,
so bear with me. As for background, the shop attempts to run lights-out
24/7.
Once a week, HSM performs an AUTOBACKUP. Until about 3 months ago, if
nobody was at the shop, HSM would ask for an exiting tape, wait 10
minutes
For a while, about 15 years ago, we had "firecall" IDs. When you logged in, it
prompted you for information that, in turn, updated RACF with Name, expiration,
etc. These IDs were kept in paper form, in the Data Center Manager's office.
Of course, you had to jump thru the flaming hoops of Chan
Isn't this a violation of PCI DSS? "10.1 Implement audit trails to link all
access to system components to each individual user."
Charles
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Bigendian Smalls
Sent: Tuesday, November 22, 20
On Tue, 22 Nov 2016, at 18:44, Tony Thigpen wrote:
> As usual, some pc based person only thinks of the way their world works.
>
> I have been though multiple audits at multiple companies where they
> accepted that:
> 1) System programmers had two logons. One "normal" and one "higher". The
> "nor
At a minimum, I think an IT auditor would require a method of joining who owns
one of these id's when, so the mainframe logs (and any other system) can know
the real "who" did something. What about long running tasks? Can I start a
session that outlives my lease on the ID? I bet my task lives
The scripting for x3270 is basically just automation control. I don't
really understand why there would be a performance issue or concern.
http://x3270.bgp.nu/Unix/x3270-script.html
Here's an example that I did that logs into TSO with a password/passticket
supplied in an environment variable:
This is pretty close to how we operate too. While we are not yet to the
vaulting stage for the god ID's. They are working hard to push everything we
do in the PROD environment into a Change record. Things that used to fall
into "systems administration" gray area.
In the past, if we had to
On Tue, Nov 22, 2016 at 2:47 PM, Robert Prins wrote:
> On 2016-11-22 18:31, Donald Likens wrote:
>
>> I failed to mention that when using EXEC 'rexx.library'. (where
>> 'rexx.library' contains member TEMPNAME.)
>>
>> I am thinking about looking at the output of LISTA but not sure it is
>> worth
>
On 2016-11-22 18:31, Donald Likens wrote:
I failed to mention that when using EXEC 'rexx.library'. (where
'rexx.library' contains member TEMPNAME.)
I am thinking about looking at the output of LISTA but not sure it is worth
the effort. If anyone else has a need for this capability I may be able
As usual, some pc based person only thinks of the way their world works.
I have been though multiple audits at multiple companies where they
accepted that:
1) System programmers had two logons. One "normal" and one "higher". The
"normal" userid still had some privileged access, but nothing like
Sounds like the brainchild of this project came from some management type that
has no clue about mainframes. Usually ideas like that come from those types.
On Tuesday, November 22, 2016 1:37 PM, Bigendian Smalls
wrote:
This is something I hadn’t heard much about, but a couple question
Here is my contribution - it is a rexx exec that will check the STEPLIB (or
provided ddname) for apf authorization. It uses the console interface to get
the apf list and then uses lista to find the dsnames in the allocation. The
challenge is that lista does not provide the volser so the assump
This is something I hadn’t heard much about, but a couple questions come to
mind - for anyone who has thought about or implemented this:
1) If you have a pool of IDs, then are you losing granularity with which you
might want to assign privelages? Meaning you now have to have IDs that have
exac
I failed to mention that when using EXEC 'rexx.library'. (where 'rexx.library'
contains member TEMPNAME.)
I am thinking about looking at the output of LISTA but not sure it is worth the
effort. If anyone else has a need for this capability I may be able to work
something out and post it.
-
You know what I am thinking of doing? Yes, it would be great to loop through
all of the concatenations of STEPLIB and display the APF status of each. More
time than I can justify at this moment. But what about the following? Wouldn't
this solve the problem? A very simple program that would open
On Tue, Nov 22, 2016 at 11:35 AM, Charles Mills wrote:
> > And those for whom this too complicated: don't touch a z/OS system until
> you have covered the dummies course.
>
> I'll tell the support staff to start telling that to the POCs. I'm sure the
> sales team will be pleased.
>
INSTALLATION
> And those for whom this too complicated: don't touch a z/OS system until
you have covered the dummies course.
I'll tell the support staff to start telling that to the POCs. I'm sure the
sales team will be pleased.
Charles
-Original Message-
From: IBM Mainframe Discussion List [mailto:I
Part 2 of the Story is that once all the bugs are fix/ironed out, ANYONE with a
privileged USERID ID will have to LOGON Using CyberArk just to do their daily
work. This includes SECURITY, and SYSPROGS
Steve Beaver
-
Jim - You just hit my ballpark
We have tried out CA and CyberArk. We opted for CyberArk, however they have
absolutely not idea what TN3270 is. CyberArk has attempted, to write their own
TN3270 using open Source and its a disaster. There was a call today with
CyberArk and they were told to
On 11/22/2016 5:06 AM, Peter Relson wrote:
What the system has, and could return (indeed does provide to the CSVFETCH
exit as of z/OS 2.2) is the UCB address and CCHH of the data set. I don't
claim to know exactly how, but you can get from that to the data set name.
An enhancement could be made
NTAC:3NS-20
Our company is undergoing a project to 'protect privileged access' by using a
password vaulting product. We have been doing this for quite some time for
applications teams who require higher levels of access to production datasets
for problem resolution, installs, etc.
The way it wor
We run two sysplexes of about 12 LPARs each (NonProd vs Prod). Both plexes have
a single mcat shared across the plex (but not between plexes). We've upgraded
these from release to release over the last 10 years and never had to use a
second master catalog. In fact, I just checked our NonProd mca
I use x3270 all the time. And I've made widespread use of custom key
sequences to make me more productive. So far so good.
Kirk, you mentioned scripting. I've only had limited success with that.
One day I'll persist. :-)
But the reason for leaping in is to ask whether - in anyone on the list's
There are a bunch of pieces that I would have to externalize; maybe some
day.
I don't really find x3270 all that objectionable. Its fairly easy to
customize and the scripting works fine.
Granted, I don't use it that much; most of my z/OS work is from a shell.
Kirk Wolf
Dovetailed Technologies
ht
On 11/18/2016 9:32 AM, Mark Pace wrote:
Great minds. I created an Shopz order for an RSU yesterday.
Still having problems with Data connection. Customer tried several changes
on their firewall without any luck. They are now going to the vendor to
try to figure why it isn't working.
Good lu
On Tue, Nov 22, 2016 at 9:01 AM, Kirk Wolf wrote:
>
>
>
> We do something like this from our Linux workstations. I wrote a script
> that makes an ssh connection (authenticating with a private key from a
> password safe) and over this connection it runs a z/OS UNIX command to
> return a RACF pa
On Tue, Nov 22, 2016 at 12:03 AM, Jack J. Woehr wrote:
>
> SSH and secure Telnet3270E essentially use the same security technology,
> that is, OpenSSL.
>
z/OS OpenSSH does include some of the EVP crypto code from OpenSSL for
Ciphers and MACs, etc, but it doesn't use any "SSL" or "TLS" functiona
Plus three new ones: AS, DYNX and PROC
The enhancements are available through functional PTFs, as listed in Table 4.
Check the
software status before installing the PTFs to ensure that you have the latest
maintenance.
Table 4 PTF information
The z/OS V1.13 PTFs are toleration only. The new enh
Just in case someone might be interested in this new function in SDSF at z/OS
V2.1 and V2.2
Lizette
> -Original Message-
> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
> Behalf Of Lizette Koehler
> Sent: Tuesday, November 22, 2016 7:36 AM
> To: IBM-MAIN@LISTS
Actually this can be in z/OS V2.1 with a PTF
APAR Identifier .. PI60831 Last Changed 16/07/04
NEW FUNCTION
Symptom .. NF NEW FUNCTION Status ... CLOSED UR1
Severity ... 4 Date Closed . 16/06/13
Component .. 566548
" Prior to this job I worked at a shop where we supported sysplexes from a
single system to up to 10 LPARs in a single sysplex. The master catalogs were
not shared , I think I would put forth one big reason for not sharing the
master catalog, would be system upgrades, when we went through the z
I didn't know that one, but now I see I also have it in 2.1
Kees.
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Tom Marchant
Sent: 22 November, 2016 14:53
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Which STEPLIB concatenation is not
On Tue, 22 Nov 2016 13:28:14 +, Vernooij, Kees wrote:
>Take your libraries and check them against D PROG,APF and you
>know what you're looking for.
And if you are at z/OS 2.2, the APF command in SDSF is even
easier, because the list is sorted by DSNAME.
--
Tom Marchant
--
On Mon, 21 Nov 2016 21:44:19 +, Nims,Alva John (Al) wrote:
>I would put forth one big reason for not sharing the master catalog,
>would be system upgrades, when we went through the z/OS upgrades,
>there were times where SYS1. Level data sets location changed from
>one release to the next an
Binyamin:
Here is how I have things defined, and I do not get the message that you get:
LAR1,1 Most TU entries will need "1"
*
* ALLOC w/ DDNAME text unit setup
Altogether, to me this all seems a tremendous overkill for a problem that
occurs a few time per year somewhere in the world.
How many system programmers does it take to switch a lightbulb? How many to
check a steplib concatenation on 047 abends?
Take your libraries and check them against D PROG
IMHO, we need an enhancement to CSVQUERY/CSVINFO (as appropriate) to
return the fully-qualified data set name and volume and/or HFS path from
which a module was actually fetched. (If it came from VLF, that
information would need to be preserved at the time the module is cached
so it can be pro
On 2016-11-20 12:47, Robert Prins wrote:
Hi all,
After a long, long time, I've decided to update these legacy-language to
HTML tools again, but I need some help, as I'm only on a z/OS 1.10/1.12
system, which means that I have absolutely no clues about
- the way all new JCL statements are colour
Venkat,
Can you please clarify exactly what you want to achieve, what point you are
trying to reach? By "TSO" do you mean, as Paul suspects, you need direct,
immediate, access to a TSO prompt for some long-superseded limit on some
requirement from years 'n' years ago? Or do you, by "TSO", mean
51 matches
Mail list logo