Re: RACF permission to INETD OTELNET port?

Robert S. Hansel 2024 IBM Champion Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.rshconsulting.com -Original Message- Date:Mon, 17 Jun 2024 15:28:13 -0500 From:Stuart Holland Subject: Re: RACF permission to INETD

Re: RACF permission to INETD OTELNET port?

Check the PROFILE.TCPIP data set. PORT statements in there reserve ports to specific job names. Anything else trying to use that port will be rejected. On 6/17/24 1:30 PM, Tom Brennan wrote: Well that destroys my theory that the problem was caused by a non-root id :)  Like you say, there must

Re: RACF permission to INETD OTELNET port?

Well that destroys my theory that the problem was caused by a non-root id :) Like you say, there must be something else involved. Sounds like you're making progress though. Just curious, what made you choose port 323? On 6/17/2024 9:26 AM, Binyamin Dissen wrote: Changed it to 323 and it

Re: RACF permission to INETD OTELNET port?

Changed it to 323 and it works. I cannot figure out which BPX* resource would control this (23) and how. On Mon, 17 Jun 2024 06:01:03 -0700 Tom Brennan wrote: :>I'm not sure if Attila was saying to try this, but if you can change the :>port to something higher than 1024 and the bind works,

Re: RACF permission to INETD OTELNET port?

I'm not sure if Attila was saying to try this, but if you can change the port to something higher than 1024 and the bind works, that would indicate you're not really root at the time of the bind. Then if the userid starting the task is root, maybe somebody is doing a setuid() or similar

Re: RACF permission to INETD OTELNET port?

Is INETD configured correctly? Your config is in etc/inetd/conf*. *TELNET is delivered specifying an ID of OMVSKERN and must be defined with both superuser and daemon authority. Guessing you are using OMVSKERN based on uid(0). Your port 722 is presumably defined in the /etc/services file On

Re: RACF permission to INETD OTELNET port?

Brave man running uid(0) for other than the OMVS kernel ... usually uid(0) does give superuser authority, but you may need to be in group(SYS1) and have a GID. Another possibility is having root as HOME('/'). good luck, its frustrating that simply things like getting a reason code for

Re: RACF permission to INETD OTELNET port?

Took a dump of the address space, and the associated userid has UID(0) What else would be required for root access? On Mon, 17 Jun 2024 06:29:01 +1000 Attila Fogarasi <05b6fee9abb7-dmarc-requ...@listserv.ua.edu> wrote: :>port 722 is a privileged port, usually means your program needs root

Re: RACF permission to INETD OTELNET port?

port 722 is a privileged port, usually means your program needs root access, all of that is configured outside of RACF. On Mon, Jun 17, 2024 at 6:16 AM Binyamin Dissen < 0662573e2c3a-dmarc-requ...@listserv.ua.edu> wrote: > On Sun, 16 Jun 2024 09:47:20 -0500 Walt Farrell >

Re: RACF permission to INETD OTELNET port?

On Sun, 16 Jun 2024 09:47:20 -0500 Walt Farrell <05bd6dbb44aa-dmarc-requ...@listserv.ua.edu> wrote: :>On Sun, 16 Jun 2024 17:20:34 +0300, Binyamin Dissen wrote: :>>Getting :>>BPXF024I (TCPIP) Jun 16 06:38:15 inetd 65583 : FOMN0091 *:otelnet/tcp: :>>722 bind: EDC5111I Permission denied.,

Re: RACF permission to INETD OTELNET port?

On Sun, 16 Jun 2024 17:20:34 +0300, Binyamin Dissen wrote: >Getting > >BPXF024I (TCPIP) Jun 16 06:38:15 inetd 65583 : FOMN0091 *:otelnet/tcp: >722 bind: EDC5111I Permission denied., rsn=744C7246 > >Not sure where it got 722 - looked in all the /etc places. > >Also, what permission would be

Re: RACF - SDSF question

: ACIWorldwide - Telecommuter H(412-766-2697) C(412-519-2592) terri.shaf...@aciworldwide.com -Original Message- From: IBM Mainframe Discussion List On Behalf Of Rob Scott Sent: Wednesday, April 17, 2024 11:02 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: RACF - SDSF question [You don't often get

Re: RACF - SDSF question

tsoftware.com> W:RocketSoftware.com From: IBM Mainframe Discussion List On Behalf Of Shaffer, Terri Sent: Wednesday, April 17, 2024 08:28 To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: RACF - SDSF question EXTERNAL EMAIL Hi, I would like to resurrect this question again, because my issue is back but not s

Re: RACF - SDSF question

Of course, that should read "UPDATE or ALTER access" Rob From: IBM Mainframe Discussion List On Behalf Of Rob Scott Sent: Wednesday, April 17, 2024 4:02 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: RACF - SDSF question EXTERNAL EMAIL You can check what security activity is going

Re: RACF - SDSF question

are From: IBM Mainframe Discussion List On Behalf Of Shaffer, Terri Sent: Wednesday, April 17, 2024 1:28 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: RACF - SDSF question EXTERNAL EMAIL Hi, I would like to resurrect this question again, because my issue is back but not sure if b

Re: RACF - SDSF question

@LISTSERV.UA.EDU Subject: [EXTERNAL] Re: RACF - SDSF question Hi, I would like to resurrect this question again, because my issue is back but not sure if by design or my RACF setup... Because we are a development shop, we allow our developers to start/stop and issue modify commands to shutdown

Re: RACF - SDSF question

- Telecommuter H(412-766-2697) C(412-519-2592) terri.shaf...@aciworldwide.com -Original Message- From: IBM Mainframe Discussion List On Behalf Of Shaffer, Terri Sent: Wednesday, February 8, 2023 9:09 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: RACF - SDSF question EXTERNAL EMAIL: Do

Re: RACF, external password management

FWIW, the list of messages that I posted came from the web interface. On Tue, 9 Apr 2024 22:25:57 +0100, Jeremy Nicoll wrote: >On Tue, 9 Apr 2024, at 21:29, Tom Marchant wrote: >> I haven't noticed. How did you determine that they are gone? I see >> these posts from you, some of which

Re: RACF, external password management

On Tue, 9 Apr 2024, at 21:29, Tom Marchant wrote: > I haven't noticed. How did you determine that they are gone? I see > these posts from you, some of which reference zMFA. I just looked in the list archive whose address is specified in the List-Archive:

Re: RACF, external password management

I haven't noticed. How did you determine that they are gone? I see these posts from you, some of which reference zMFA. Re: RACF, external password management Linda Hagedorn 2024-02-29 15:53IBM-MAIN Re: RACF, external password management Linda Hagedorn 2024-02-29 13:00

Re: RACF, external password management

Has anyone else noticed their posts deleted? My posts re: zMFA are gone. Poof. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: RACF/DB2 Search Question?

Hi Terri, Temporarily add the UAUDIT attribute to the ID to generate SMF records for everything it touches, and use this information to help remediate its authority. For DB2-related activity, look in the LOGSTR field of the SMF record as this will often tell you what resource it was originally

Re: RACF, external password management

te: Fri, 1 Mar 2024 06:24:45 + > From: Timothy Sipples mailto:sipp...@sg.ibm.com>> > Subject: Re: RACF, external password management > > Linda Hagedorn wrote: > >This is very promising. Do you know where I can read more about ZMFA? > > The documentation landing page is here:

Re: RACF, external password management

ipples mailto:sipp...@sg.ibm.com>> Subject: Re: RACF, external password management Linda Hagedorn wrote: >This is very promising. Do you know where I can read more about ZMFA? The documentation landing page is here: https://www.ibm.com/docs/en/zma<https://www.ibm.com/docs/en/zma> >I

Re: RACF, external password management

W dniu 01.03.2024 o 19:43, Seymour J Metz pisze: And after the user is revoked. *permanently*. Making a logon loop a convenient option for a DOS attack. ...and your proposal is? (not to say userlist need not to be published) -- Radoslaw Skorupka Lodz, Poland

Re: RACF, external password management

Frank Swarbrick wrote: >I have a curious question about MFA on z/OS. Does each login >require a different token? Meaning, if I log on to TSO and to CICS, >can I use the same token? I ask because I log on and off to >various CICS regions throughout the day, and I'd hate to have to >get a new

Re: RACF, external password management

it were, and it would log you in to each VTAM application you use. I don't think this is available right now, correct me if I'm wrong! Frank From: IBM Mainframe Discussion List on behalf of Timothy Sipples Sent: Thursday, February 29, 2024 11:24 PM To: IBM-MAIN@LIST

Re: RACF, external password management

if I'm wrong! Frank From: IBM Mainframe Discussion List on behalf of Timothy Sipples Sent: Thursday, February 29, 2024 11:24 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: RACF, external password management Linda Hagedorn wrote: >This is very promising. Do you know where I c

Re: RACF, external password management

ist on behalf of Radoslaw Skorupka <0471ebeac275-dmarc-requ...@listserv.ua.edu> Sent: Friday, March 1, 2024 10:27 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: RACF, external password management W dniu 29.02.2024 o 21:53, Linda Hagedorn pisze: > The regulations are from NY state, NY

Re: RACF, external password management

W dniu 29.02.2024 o 21:53, Linda Hagedorn pisze: The regulations are from NY state, NYDFS. https://www.dfs.ny.gov/system/files/documents/2023/12/rf23_nycrr_part_500_amend02_20231101.pdf 500.7 Access privileges and management. 500.7(c) Each class A company shall monitor privileged

Re: RACF, external password management

It does not, however password exit can provide same functionality. BTW: In my opinion it is big lack in RACF features. IBM take care about GUI, java, python etc. to make the platform more attractive to young IT folks. However sometimes it would be nice to have sample job with list of words, it

Re: RACF, external password management

ards, Bob > > Robert S. Hansel 2024 IBM Champion > Lead RACF Specialist > RSH Consulting, Inc. > 617-969-8211 > www.linkedin.com/in/roberthansel > www.rshconsulting.com > > -Original Message- > Date: Thu, 29 Feb 2024 14:53:36 -0600 > From: Linda Hagedorn li

Subject: Re: RACF, external password management

A simple suggestion: Do not let this project create an even worse situation! More recent z/OS setups (with RACF) can "disable" a userid after "n" password failures. ("n" is often 3.) If your userids are easily found/duplicated, a really bad guy could, with relatively minor Linux/Windows scripts,

Re: RACF, external password management

2024 IBM Champion Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.rshconsulting.com -Original Message- Date:Thu, 29 Feb 2024 14:53:36 -0600 From:Linda Hagedorn Subject: Re: RACF, external password management The regulations are from

Re: RACF, external password management

Michael Brennan wrote: >Both ACF2 and Top Secret have common phrases that can not be >used for passwords and you can add or subtract from the list. >You would think RACF would have the same. I have not

Re: RACF, external password management

Linda Hagedorn wrote: >It's one option to force all RACF password changes through a single >point. However, there's a lot of ways to reach the password change >process in MVS, and writing blocks for all of them isn't reasonable. >The ZMFA holds promise, if I can find a software company that has

Re: RACF, external password management

Linda Hagedorn wrote: >This is very promising. Do you know where I can read more about ZMFA? The documentation landing page is here: https://www.ibm.com/docs/en/zma >I'm interested in knowing how to configure the external source, and how >the token is passed back to RACF, and how long the token

Re: RACF, external password management

Both ACF2 and Top Secret have common phrases that can not be used for passwords and you can add or subtract from the list. You would think RACF would have the same. I have not dug through the RACF manuals to determine if it does or not. On Thu, Feb 29, 2024 at 12:09 AM Timothy Sipples wrote: >

Re: RACF, external password management

I like it. And there are more than one potential software vendors reading your request on this site. ;-) Sent from [Proton Mail](https://proton.me/mail/home) for iOS On Thu, Feb 29, 2024 at 3:53 PM, Linda Hagedorn <[05cf4637de00-dmarc-requ...@listserv.ua.edu](mailto:On Thu, Feb 29, 2024

Re: RACF, external password management

The regulations are from NY state, NYDFS. https://www.dfs.ny.gov/system/files/documents/2023/12/rf23_nycrr_part_500_amend02_20231101.pdf 500.7 Access privileges and management. 500.7(c) Each class A company shall monitor privileged access activity and shall implement: (1) a

Re: RACF, external password management

W dniu 28.02.2024 o 22:35, Linda Hagedorn pisze: My company wants an external password manager to substitute for RACF. I need to know if anyone has experience with this, or common password matching in RACF. Background Regulations NYDFS require preventing common passwords to be used. Vendor

Re: RACF, external password management

Sorry no; was this problem on the main frame? Sent from my iPhone > On Feb 29, 2024, at 13:00, Linda Hagedorn > <05cf4637de00-dmarc-requ...@listserv.ua.edu> wrote: > > In the process you describe, could I still while logged into tso/ispf change > my password in RACF, bypassing the AD

Re: RACF, external password management

I think the exit point(s) mentioned by others is(are) where you would check the clear text against those common passwords, and reject that password change at that point. Specifically to your question "any development to ingest": Unless you can find a vendor to provide you with such, your

Re: RACF, external password management

In the process you describe, could I still while logged into tso/ispf change my password in RACF, bypassing the AD routine? // JOB (ACCT INFO),'PGMR INFO', // CLASS=??,MSGCLASS=??,NOTIFY=userid, // USER=userid,PASSWORD=(OLDPASS,NEWPASS) //IEBFR14 EXEC PGM=IEFBR14

Re: RACF, external password management

Do you know if there's any development to ingest the list of passwords known to be involved in breaches, and match RACF password changes against them? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email

Re: RACF, external password management

This is very promising. Do you know where I can read more about ZMFA? I'm interested in knowing how to configure the external source, and how the token is passed back to RACF, and how long the token lasts. For example, if systems programmers are working a problem, we wouldn't want the

Re: RACF, external password management

Commonly used passwords and those found in breaches (dark web for example). P@$$w0rd, etc. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO

Re: RACF, external password management

This is exactly where I'm going. I think IBM should, if they haven't already, find a way to register the frequently found passwords and make an option to scan the PW in RACF. There may be a liability, but certainly a disclaimer can be included in the license. If this already exists, a

Re: RACF, external password management

Hi Bob, If it is what I am thinking... I didn't think this day would come. There are hashes of known, breached passwords generally collected. Here's the most prominent one - https://haveibeenpwned.com/Passwords There are blog posts on the same site explaining what it is, how to use that

Re: RACF, external password management

Hi Linda, How do you define "common password"? Regards, Bob Robert S. Hansel 2024 IBM Champion Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.rshconsulting.com -Original Message- Date:Wed, 28 Feb 2024 15:35:54 -0600

Re: RACF, external password management

Hi, If what you need is to prevent users from using easy to guess passwords, RACF already has the tools that you need, from implementing mixed case, passphrases, and special characters, or/and using the password or passphrase exit, which is very easy to implement, to validate password complexity

Re: RACF, external password management

Hi Linda: Could you define common passwords? Are we talking about commonly used passwords? Or are we talking about a password that is common to multiple users IDs? Suppose you were to use three Chars and then numbers to make up a TSO ID. These are the IDs used by people that do not need

Re: RACF, external password management

Linda, I'd think twice on this topic. We do vault our elevated access id's and I am fine with that, but to hand off all password management is a solution looking for a problem. There is the racf password quality exit that can be coded up to disallow "common" passwords. On top of that, you

Re: RACF, external password management

We had our typical users (some exceptions for Security team, etc) change their password on AD (Ctrl-Alt-Del) with a 3rd party tool providing extra controls as desired. Then we scripted a send of the accepted pw/phrase up to RACF with the request to set the password/phrase there. The basic RACF

Re: RACF Automation (Cross Posted)

The last major RACF project I architected was for something I presume would probably fit your clients bill here. Some of the necessary elements we incorporated were: Delegated (though not via RACF means) Ownership of all RACF general resource and dataset profiles - thereby making sure that

Re: RACF Automation (Cross Posted)

Classification: Confidential Try Vanguard software. http://www.go2vanguard.com/ -Original Message- From: IBM Mainframe Discussion List On Behalf Of Bob Bridges Sent: Thursday, January 25, 2024 4:52 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: RACF Automation (Cross Posted) [CAUTION

Re: RACF Automation (Cross Posted)

ACF2 has since added full support for RACF-style groups, and some ACF2 shops have made the change to using those instead of UID strings. This was before that, though, and I'm pretty sure they handled it by storing, for each role, groups of UID strings. I don't remember the details of how that

Re: RACF Automation (Cross Posted)

On Thu, 25 Jan 2024 17:51:46 -0500, Bob Bridges wrote: >Back when my client in Ohio installed it, we called it "Sam-Jupiter". It appears that Beta Systems acquired the product and call it Beta-Access. https://www.betasystems.com/en/products/beta-access/ It also appears they removed

Re: RACF Automation (Cross Posted)

Back when my client in Ohio installed it, we called it "Sam-Jupiter". I don't know what the extra name implies. The client seemed content with their choice, although it was really designed to work with RACF and this is an ACF2 client. Also Sailpoint, but I think you mentioned that possibility

Re: RACF Automation (Cross Posted)

On Thu, 25 Jan 2024 10:15:57 -0600, Steve Beaver wrote: >I don't even know if the product still exists. -- The closest IVP that I know >of is OKTA. See if SAM (Security Administration Manager) still exists (possibly rebranded). The company no longer exists but I found

Re: RACF Automation (Cross Posted)

the couple hundred thousand to write and watch people retire. Steve -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Jon Perryman Sent: Thursday, January 25, 2024 10:07 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: RACF Automation (Cross

Re: RACF Automation (Cross Posted)

On Tue, 23 Jan 2024 12:39:47 -0600, Steve Beaver wrote: >I have a customer that would like to AUTOMATE RACF. Did you solve your problem? You need to clarify what AUTOMATE RACF means to the customer. What is the problem the customer is trying to solve because they can't mean automate.

Re: Racf Userid

Of Robert S. Hansel (RSH) Sent: Thursday, January 11, 2024 7:02 AM To:IBM-MAIN@LISTSERV.UA.EDU Subject: [EXT] Re: Racf Userid Please Note: This email is from an [EXTERNAL] sender. Do not click on links or attachments unless you expect them from the sender and know the content is safe. Please contact

Re: Racf Userid

@LISTSERV.UA.EDU Subject: [EXT] Re: Racf Userid Please Note: This email is from an [EXTERNAL] sender. Do not click on links or attachments unless you expect them from the sender and know the content is safe. Please contact the Service Desk if you have any concerns regarding this message. Hi Shelia

Re: Racf Userid

Hi Shelia, First off, in output of the LISTUSER command, find the most recent LAST-CONNECT date/time in the group connect information for all ID's groups. Most likely it will be associated with the ID's default group. If it is the same as the LAST-ACCESS date/time, then the later was updated

Re: Racf Userid

Classification: Confidential Suspend it and see who complains. Alternatively, t he type 8x SMF records carry the RACF UID (actually most of the job/dataset oriented records type 30, 14, 15), so you can check there as well. Select by userid and filter out what you know. That which remains is

Re: Racf Userid

documented here: https://www.ibm.com/docs/en/zos/2.3.0?topic=records-record-type-80-racf-processing-record On Thu, Jan 11, 2024 at 11:21 AM Wayne Bickerdike wrote: > SMF type 80 records. > > On Thu, Jan 11, 2024 at 8:38 AM Chalk, Shelia wrote: > >> Hello, >> >> I have a userid abc that was

Re: Racf Userid

SMF type 80 records. On Thu, Jan 11, 2024 at 8:38 AM Chalk, Shelia wrote: > Hello, > > I have a userid abc that was last access in racf on 1/7/24 at 5:06 a.m. > Is there a report or something that will tell me who (batch job, script, > etc..) is using this userid? > > Thanks > Shelia Chalk >

Re: RACF and Encryption (Cross Posted

I wrote One minute MVS – Using individual data set encryption on z/OS which may help you get started. For example you'll need ICSF. Colin On Thu, 4 Jan 2024 at 20:36, Steve Beaver <

Re: RACF, the FACILITY class, and z/XDC

s concerned > ,then XFACILIT makes sense in most cases. > > Rob Scott > Rocket Software > > -Original Message- > From: IBM Mainframe Discussion List On Behalf > Of Phil Smith III > Sent: Sunday, November 12, 2023 8:38 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subjec

Re: RACF, the FACILITY class, and z/XDC

Since everyone already answered, here is my answer :-) 1. You can choose your own class. Advantages: You choose max. profile length, etc. Naming conventions is completely up to you, that means no interference with other products/profiles, no reserved names/prefixes. Disadvantage: Some people

Re: RACF, the FACILITY class, and z/XDC

David, Why don't you give the option to select the RACF class to the customer? You can give the instructions to create a new class in CDT or instruct them to use the XFACILIT class. Best Regards Ituriel do Nascimento Neto z/OS System Programmer Em segunda-feira, 13 de novembro de 2023

Re: RACF, the FACILITY class, and z/XDC

Hi Jon, Thanks for your thoughts, but I'm not trying to decide if I should use FACILITY. I'm trying to decide how I should go about discontinuing using FACILITY. Based on suggestions from others on this thread, I've made the decision to switch to using a class named XFACILIT. [Switching

Re: RACF, the FACILITY class, and z/XDC

On Mon, 13 Nov 2023 13:30:56 -0500, David Cole wrote: >so while creating a "$XDC" class perhaps might be "easy", to >paraphrase Peter, why would I make a customer do that when I don't have to... > >So thank you to those who tipped me off about the XFACILIT. It sounds >perfect for my needs.

Re: RACF, the FACILITY class, and z/XDC

On Mon, 13 Nov 2023 12:58:16 + Peter Relson wrote: :>Regardless of whether it is hard or easy, why would you :>want to bother creating a new class when there is an :>existing class (XFACILIT) that completely addresses the problem :>(and thus would be easier for a customer)? DEFAULTRC

Re: RACF, the FACILITY class, and z/XDC

While some have suggested creating your own class, there is an off-the-shelf class suitable for XDC's use: XFACILIT. - Maximum resource length is 246 - Default return code is 8 (everything is denied if the resource is not defined) This is just as suitable as creating your own class name, and

Re: RACF, the FACILITY class, and z/XDC

Regardless of whether it is hard or easy, why would you want to bother creating a new class when there is an existing class (XFACILIT) that completely addresses the problem (and thus would be easier for a customer)? Peter Relson z/OS Core Technology Design

Re: RACF, the FACILITY class, and z/XDC

he profile namespace is concerned ,then XFACILIT makes sense in most cases. Rob Scott Rocket Software -Original Message- From: IBM Mainframe Discussion List On Behalf Of Phil Smith III Sent: Sunday, November 12, 2023 8:38 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: RACF, the FACILITY class,

Re: RACF, the FACILITY class, and z/XDC

Ed Jaffe recommended against creating a SAF class. I'll respectfully suggest that it's not that hard. First, if you do, IBM told us, "Start the class name with a dollar sign-we'll never use those". Of course you could collide with another vendor, but that's unlikely. We've had customers doing

Re: RACF, the FACILITY class, and z/XDC

On Sun, 12 Nov 2023 10:46:36 -0800 Ed Jaffe wrote: :>On 11/12/2023 10:30 AM, Binyamin Dissen wrote: :>> With the CDT class, it is just a few RACF commands. :>> RDEFINE CDT class + :>> CDTINFO(+ :>> MAXLENGTH(100) + :>> RACLIST(ALLOWED) + :>>

Re: RACF, the FACILITY class, and z/XDC

On 11/12/2023 10:30 AM, Binyamin Dissen wrote: With the CDT class, it is just a few RACF commands. RDEFINE CDT class + CDTINFO(+ MAXLENGTH(100) + RACLIST(ALLOWED) + GENLIST(ALLOWED)+ FIRST(ALPHA,NATIONAL,NUMERIC)

Re: RACF, the FACILITY class, and z/XDC

On Sun, 12 Nov 2023 07:13:03 -0800 Ed Jaffe wrote: :>On 11/12/2023 3:02 AM, Binyamin Dissen wrote: :>> You should make your own class. :>> :>> Classes can be dynamically added by adding to the CDT class. :> :>This is extra hassle at client sites and IMHO should be avoided. With the CDT class,

Re: RACF, the FACILITY class, and z/XDC

On 11/12/2023 3:02 AM, Binyamin Dissen wrote: You should make your own class. Classes can be dynamically added by adding to the CDT class. This is extra hassle at client sites and IMHO should be avoided. Long ago, we suggested clients create an "EJES" class for our (E)JES product. There are

Re: RACF, the FACILITY class, and z/XDC

behalf of Binyamin Dissen Sent: Sunday, November 12, 2023 11:02:01 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: RACF, the FACILITY class, and z/XDC EXTERNAL EMAIL You should make your own class. Classes can be dynamically added by adding to the CDT class. On Sun, 12 Nov 2023 05:40:03 -0500

Re: RACF, the FACILITY class, and z/XDC

You should make your own class. Classes can be dynamically added by adding to the CDT class. On Sun, 12 Nov 2023 05:40:03 -0500 David Cole wrote: :>I've got a problem. Decades ago, I made some assumptions about RACF's :>FACILITY class that have turned out to be wrong. :>Currently, I'm

Re: RACF, the FACILITY class, and z/XDC

The properties for the supplied classes in RACF can be found here https://www.ibm.com/docs/en/zos/2.3.0?topic=reference-supplied-class-descriptor-table-entries You can easily add new classes by adding a profile in the CDT class. -Original Message- From: IBM Mainframe Discussion List On

Re: RACF, the FACILITY class, and z/XDC

The longest profile name in FACILITY is 39 characters (At least in z/OS v2.3) I would say that if you need something longer, you should create a dedicated class with the properties you want. -Original Message- From: IBM Mainframe Discussion List On Behalf Of David Cole Sent: יום א 12

Re: RACF ICH408I messages

I will look at vanguard. Thanks Shelia Chalk -Original Message- From: IBM Mainframe Discussion List On Behalf Of Robert S. Hansel (RSH) Sent: Thursday, October 5, 2023 4:38 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: [EXT] Re: RACF ICH408I messages Please Note: This email is from

Re: RACF ICH408I messages

Hi Shelia, Assuming your RACF monitoring options have been set correctly, the ICH408I messages will likely have corresponding SMF records. You can use RACF's SMF Unload utility to generate text or XML output from these records for research and reporting. If you have an adjunct RACF SMF

Re: RACF ICH408I messages

See File 417 on the www.cbttape.org site (check the https://cbttape.org/updates.htm for updates to the file) which contains the RACFADM ISPF dialog. The M option will do exactly what you are asking for. Hope this helps. Lionel B. Dyck <>< Website: https://www.lbdsoftware.com Github:

Re: RACF for using SDSF

: IBM Mainframe Discussion List On Behalf Of Itschak Mugzach Sent: Monday, September 4, 2023 10:37 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: RACF for using SDSF You do not need to have sys1 as a default group. Che k if you are authorised to sdsf isf.connect profile ITschak בתאריך יום ב׳, 4

Re: RACF for using SDSF

Joseph, All you need is READ access to one of the following profiles: GROUP.ISFOPER.* GROUP.ISFSPROG.* GROUP.ISFUSER.* All profiles in CLASS(SDSF). Which one to use? ISFSPROG is the best, ISFUSER is the worst. Just try one after another and you will see the differences. Note: in the old days

Re: RACF for using SDSF

You got it did the connect and I am good thanks -Original Message- From: IBM Mainframe Discussion List On Behalf Of Itschak Mugzach Sent: Monday, September 4, 2023 10:37 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: RACF for using SDSF You do not need to have sys1 as a default group

Re: RACF for using SDSF

You do not need to have sys1 as a default group. Che k if you are authorised to sdsf isf.connect profile ITschak בתאריך יום ב׳, 4 בספט׳ 2023 ב-17:34 מאת Rob Scott : > Joseph, > > I think you need to use the "CONNECT" command instead of ALTUSER : > > CONNECT userid GROUP(group_name) > >

Re: RACF for using SDSF

Joseph, I think you need to use the "CONNECT" command instead of ALTUSER : CONNECT userid GROUP(group_name) Afterwards a "LISTUSER userid" command should list all groups that the user is connected to. As most sites run with "list of groups checking", there is normally no need to change the

Re: RACF for using SDSF

Joe Reichman Yep even did setropts refresh On Mon, Sep 4, 2023 at 10:22 AM Colin Paice wrote: > did you logoff and logon again? > > On Mon, 4 Sept 2023 at 15:19, Joseph Reichman > wrote: > > > Hi > > > > > > > > I am getting the following message on my ADCD system > > > > > > > > ISF024I USER

Re: RACF for using SDSF

did you logoff and logon again? On Mon, 4 Sept 2023 at 15:19, Joseph Reichman wrote: > Hi > > > > I am getting the following message on my ADCD system > > > > ISF024I USER ADCDANOT AUTHORIZED TO SDSF, NO GROUP ASSIGNMENT > > > > I tried ALU ADCDA GROUP(SYS1) this is the group that my other

Re: RACF passphrase support

Don't forget session managers. From: IBM Mainframe Discussion List on behalf of Chicklon, Thomas <01fbdb5fcb44-dmarc-requ...@listserv.ua.edu> Sent: Wednesday, June 14, 2023 11:40 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: RACF passphrase s

Re: RACF passphrase support

. Tom Chicklon From: IBM Mainframe Discussion List On Behalf Of Colin Paice Sent: Wednesday, June 14, 2023 11:12 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: RACF passphrase support My logon screen only has space for an 8 char password. See Activating password phrase support My logon screen only

Re: RACF passphrase support

My logon screen only has space for an 8 char password. See Activating password phrase support on how to change it. On Wed, 14 Jun 2023 at 15:30, Chicklon, Thomas <

  1   2   3   4   5   >