I missed this posting so I am replying late.
Yes, I have turned on PREINIT, POSTINIT, PASSWORD and PASSPHRASE.
I've driven PREINIT and POSTINIT functions.
The pointer to the password is supplied.
The pointer to the passphrase is never supplied.
When is the pointer to the passphrase supplied for P
Yes, PREINIT, POSTINIT, PASSWORD and PASSPHRASE are set to YES.
I see PREINIT and POSTINIT only but I never see a pointer to the PASSPHRASE
area even if I add a PASSPHRASE to the TSO user.
I have no idea how to drive PASSWORD and PASSPHRASE.
--
And you definitely have it turned on?
Rob
On Sun, Dec 4, 2022, 16:33 Pierre Fichaud wrote:
> For PRE and POSTINIT, I am looking at TXAIPASS and TXAIPHRA.
> TXAIPHRA never has a value for a TSO logon it seems.
>
> Pierre.
>
> --
For PRE and POSTINIT, I am looking at TXAIPASS and TXAIPHRA.
TXAIPHRA never has a value for a TSO logon it seems.
Pierre.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu w
On Sun, 4 Dec 2022 at 13:28, Pierre Fichaud wrote:
> For function code PREINIT and POSTINIT, a pointer to a passphrase area can
> be supplied in the exit's parameter list.
> I created 2 ACIDs, one with a passphrase and the other without a
> passphrase.
> When logging on with either one, I never s
For function code PREINIT and POSTINIT, a pointer to a passphrase area can be
supplied in the exit's parameter list.
I created 2 ACIDs, one with a passphrase and the other without a passphrase.
When logging on with either one, I never see a pointer to the passphrase area.
1) How can I drive PREIN
-MAIN@LISTSERV.UA.EDU
Subject: Sign on Activity Top Secret
**CAUTION EXTERNAL EMAIL**
**DO NOT open attachments or click on links from unknown senders or unexpected
emails**
Does someone have a program that can be shared - that will list all TSO sign-on
?
I know it is SMF 80 record. I can wr
> Sent: Wednesday, December 11, 2019 3:21 PM
> > To: IBM-MAIN@LISTSERV.UA.EDU
> > Subject: Sign on Activity Top Secret
> >
> > Does someone have a program that can be shared - that will list all TSO
> sign-
> > on ?
> >
> > I know it is SMF 80 record.
ion List On
> Behalf Of Steely.Mark
> Sent: Wednesday, December 11, 2019 3:21 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Sign on Activity Top Secret
>
> Does someone have a program that can be shared - that will list all TSO sign-
> on ?
>
> I know it is SMF 80 record.
Does someone have a program that can be shared - that will list all TSO sign-on
?
I know it is SMF 80 record. I can write a program but I don't want to re-invent
the wheel.
The program can be SAS, EARL, ASM etc
We are z/OS v2.2 and TSS v16. I looked at TSSUTIL but it only listed violations.
Does anyone on the list-serv have this setup? Compuware z/Adviser and CA Top
Secret (TSS)
I would like to ask for assistance offline from the list-serv (no offense).
Thank You
*** Disclaimer ***
This communication (including all attachments) is solely for the use of the
person to whom it
Responded offline.
UGH.. the Top Secret section of the CL Supersession manual.. is just
needlessly complicated!! No wonder there are problems.
I am going to lay down the gauntlet. Is anyone running Top Secret 4.2? It
has only been out of service for what ... 26 or 27 years!??!?
It is a bit
Listers:
I am installing CL/Supersession for the first time (currently we are IBM
Session Manager).
I am having difficulty understanding how to use dynamic application lists
with Top Secret security.
The documentation is extremely lacking in clarity on how to code the Top
Secret statements. I
SERV.UA.EDU] On
> Behalf Of Porowski, Kenneth
> Sent: Tuesday, May 1, 2018 12:58 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Top Secret as key manager/keystore/keyring for existing keys.
>
> Trying to set up Top Secret as the Mainframe key manager/keystore but
> havin
answer.)
Charles
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Porowski, Kenneth
Sent: Tuesday, May 1, 2018 12:58 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Top Secret as key manager/keystore/keyring for existing keys.
Trying to set up
@LISTSERV.UA.EDU
Subject: Top Secret as key manager/keystore/keyring for existing keys.
Trying to set up Top Secret as the Mainframe key manager/keystore but having
trouble finding a way to import existing keys in .ssh/authorized_keys and
.ssh/known_hosts into Top Secret. Has anyone been able to do this
Trying to set up Top Secret as the Mainframe key manager/keystore but having
trouble finding a way to import existing keys in .ssh/authorized_keys and
.ssh/known_hosts into Top Secret. Has anyone been able to do this? TIA.
This email message and any
: Current market share breakdown for EACH of the three z/OS ESM
products: RACF, CA-ACF2 and CA-Top Secret
On Wed, 9 Sep 2015 08:47:27 -0500, Steve Harner wrote:
>(a) When SKK was sold in 1986, ACF2 had a 60% market share while IBM’s RACF
>and CA’s Top Secret split the other 40%; and (b) Cur
Just to complement: RACF, TSS and ACF2 were not the only choice.
Here, in Poland many installation had been using polish security product
called PIES (eng. DOG).
Now, AFAIK there is (still) one small TSS shop, all the rest use RACF.
Few years ago I saw some announcement of DEADBOLT, product of
Tony Harminc wrote:
>Only IBM is in a position to truly know the market share, because only
>they know exactly how many z/OS systems are out there.
Not truly, not exactly. IBM's omnipotence is routinely overestimated. ;)
IBM presumably knows how many z/OS licensees(*) are licensing the z/OS
Secur
On Wed, 9 Sep 2015 20:40:49 +0300, Itschak Mugzach wrote:
>The market is is split between TSS & RACF. I know of only one ACF2 site,
>but they droped the mainframe...
Interesting - as I said I have never seen TSS in any shop in Aus. Just never
got a foothold here. That includes major banks and g
15 at 09:47, Steve Harner > wrote:
> > > I am interested in determining/clarifying what the current market share
> > breakdown is for EACH of the three
> > > z/OS ESM products: RACF, CA-ACF2 and CA-Top Secret.
> >
> > Only IBM is in a position to truly know the
er 2015 at 09:47, Steve Harner wrote:
> > I am interested in determining/clarifying what the current market share
> breakdown is for EACH of the three
> > z/OS ESM products: RACF, CA-ACF2 and CA-Top Secret.
>
> Only IBM is in a position to truly know the market share, because on
On 9 September 2015 at 09:47, Steve Harner wrote:
> I am interested in determining/clarifying what the current market share
> breakdown is for EACH of the three
> z/OS ESM products: RACF, CA-ACF2 and CA-Top Secret.
Only IBM is in a position to truly know the market share, because only
nesday, September 09, 2015 11:37 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: Current market share breakdown for EACH of the three z/OS ESM
> products: RACF, CA-ACF2 and CA-Top Secret
>
> Yes, we have customers running TSS. I could (but won't LOL) name a very
> large bank.
>
&g
r 09, 2015 11:37 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Current market share breakdown for EACH of the three z/OS ESM
products: RACF, CA-ACF2 and CA-Top Secret
Yes, we have customers running TSS. I could (but won't LOL) name a very large
bank.
Charles
-Original Message-
A.EDU
Subject: Re: Current market share breakdown for EACH of the three z/OS ESM
products: RACF, CA-ACF2 and CA-Top Secret
On Wed, 9 Sep 2015 08:47:27 -0500, Steve Harner wrote:
>(a) When SKK was sold in 1986, ACF2 had a 60% market share while IBM’s RACF
>and CA’s Top Secret split the other
Hi, Shane.
I've seen and used Top Secret at government, military, and very large
financial service organizations.
No idea of the numbers, of course.
Cheers,,,Steve
Steven F. Conway
AO-DTS- CTHO-HSD INFRASTRUCTURE (INFR)
z/OS Systems Support
Phone: 703-295-1926
Mobile: 304-995-7360
stev
On Wed, 9 Sep 2015 08:47:27 -0500, Steve Harner wrote:
>(a) When SKK was sold in 1986, ACF2 had a 60% market share while IBM’s RACF
>and CA’s Top Secret split the other 40%; and (b) Currently , RACF has 75%
>market share while ACF2 and Top Secret from CA share the other 25 perce
On 9/9/2015 9:57 AM, Steve Harner wrote:
I am interested in determining/clarifying what the current market share
breakdown is for EACH of the three z/OS ESM products: RACF, CA-ACF2 and CA-Top
Secret. In his 5/24/12 interview with Jeffrey R. Yost, Ph.D.
(conservancy.umn.edu/bitstream/handle
I am interested in determining/clarifying what the current market share
breakdown is for EACH of the three z/OS ESM products: RACF, CA-ACF2 and CA-Top
Secret. In his 5/24/12 interview with Jeffrey R. Yost, Ph.D.
(conservancy.umn.edu/bitstream/handle/11299/132470/oh404bs.pdf), Barry Schrager
In <3981871087268839.wa.paulgboulderaim@listserv.ua.edu>, on
02/03/2015
at 08:39 AM, Paul Gilmartin
<000433f07816-dmarc-requ...@listserv.ua.edu> said:
>"address TSO" from a Rexx EXEC spawn()ed under Unix System Services
>runs the TMP in a separate address space,
Yes, a very different m
On Tue, 3 Feb 2015 12:35:16 -0500, Tony Harminc wrote:
>
>> "address TSO" from a Rexx EXEC spawn()ed under Unix System Services
>> runs the TMP in a separate address space, perhaps more like a job step
>> task; certainly more roundabout.
>
>This is an elegant approach; the problem is that you don't
On 3 February 2015 at 09:39, Paul Gilmartin
<000433f07816-dmarc-requ...@listserv.ua.edu> wrote:
> On Mon, 2 Feb 2015 21:06:47 -0500, Shmuel Metz (Seymour J.) wrote:
>> on 02/01/2015 at 12:44 PM, Charles Mills said:
>>
>>>Ah. Then you need to LINK or whatever to IKJEFT01 passing a parm off
>>>R
I have a CA contact so we are talking..In want to make sure I design/code
correctly and of course safely for the customer..
Thanks for all you input as well as everyone else...
Regards,
Scott
IDF
On Tuesday, February 3, 2015, Paul Gilmartin <
000433f07816-dmarc-requ...@listserv.ua.edu> wrot
On Tue, 3 Feb 2015 11:39:09 -0500, Scott Ford wrote:
>
>Actually I like that scenario. A lot of ways to skin the cat..so to speak
>
I use it to run authorized programs with TSO CALL from SSH sessions.
Perhaps with familiarity with the APIs one might bypass Rexx and call
its services directly.
>
Gil:
Actually I like that scenario. A lot of ways to skin the cat..so to speak
Regards,
Scott
www.idmworks.com
On Tue, Feb 3, 2015 at 9:39 AM, Paul Gilmartin <
000433f07816-dmarc-requ...@listserv.ua.edu> wrote:
> On Mon, 2 Feb 2015 21:06:47 -0500, Shmuel Metz (Seymour J.) wrote:
>
> >In <02
On Mon, 2 Feb 2015 21:06:47 -0500, Shmuel Metz (Seymour J.) wrote:
>In <023201d03e5f$e9f8b430$bdea1c90$@mcn.org>, on 02/01/2015
> at 12:44 PM, Charles Mills said:
>
>>Ah. Then you need to LINK or whatever to IKJEFT01 passing a parm off
>>R1 of 'command parameters ...'
>
>While tat woulf have wo
In <023201d03e5f$e9f8b430$bdea1c90$@mcn.org>, on 02/01/2015
at 12:44 PM, Charles Mills said:
>Ah. Then you need to LINK or whatever to IKJEFT01 passing a parm off
>R1 of 'command parameters ...'
While tat woulf have woked with the original TMP. I'm not sure how
well the current TMP will work
Walt Farrell wrote:
>I have no idea what functions of r_admin make sense on a TSS system, nor any
>idea of what level of support TSS provides for using r_admin. That's all
>something you'd need to talk to them about.
Indeed. The vendor of Top-Secret should be involved.
&
On Mon, 2 Feb 2015 11:40:13 -0500, Scott Ford wrote:
>The STC is autrhorized runs AC(1) from a APF authorized library. We have
>been using r_admin to pass commands and retrieve output to other external
>security subsystems ( i,e.; ACF2 and TSS ).
>But functionally, TSS supports FDT , user defned
Walt,
The STC is autrhorized runs AC(1) from a APF authorized library. We have
been using r_admin to pass commands and retrieve output to other external
security subsystems ( i,e.; ACF2 and TSS ).
But functionally, TSS supports FDT , user defned segments and fields, I
dont know what the RACF equiv
> The above will "work" but not sure what the ramifications are, however, if
> you establish a TSO environment in a long-running "job" such as a started
> task.
The most obvious one is that you cannot stop (p) the STC that has a batch TSO
environment. You will always have to cancel it, unless e
On Sun, 1 Feb 2015 14:30:26 -0500, Scott Ford wrote:
>The command in question runs in TSO/E Option # 6 and can be executed via
>IKJEFT01 in batch. With these two options being true , can i write a
>command processor using IKJEFSI,IKJEFSR ..etc. ?
>My issue is we run as a STC ...i want to be able
TSO environment entails.
John P. Baker
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Scott Ford
Sent: Sunday, February 1, 2015 2:30 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Top-Secret
Peter:
The command in question runs in TSO
On Behalf Of Charles Mills
Sent: Sunday, February 01, 2015 12:45 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Top-Secret
Ah. Then you need to LINK or whatever to IKJEFT01 passing a parm
off R1 of
'command parameters ...'
Let me know if that is too brief a description.
The above will
IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU
> ] On Behalf Of Charles Mills
> Sent: Sunday, February 01, 2015 12:45 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: Top-Secret
>
> Ah. Then you need to LINK or whatever to IKJEFT01 passing a parm off R1 of
>
grade.
Charles
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Charles Mills
Sent: Sunday, February 01, 2015 12:45 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Top-Secret
Ah. Then you need to LINK or whatever to IKJEFT01 passing a parm
ning "job" such as a started task.
Charles
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Scott Ford
Sent: Sunday, February 01, 2015 11:30 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Top-Secret
Peter:
The command in question ru
Peter:
The command in question runs in TSO/E Option # 6 and can be executed via
IKJEFT01 in batch. With these two options being true , can i write a
command processor using IKJEFSI,IKJEFSR ..etc. ?
My issue is we run as a STC ...i want to be able to call establish a
temporary TSO environment and e
I'll remind that while you "can" build a structure that mimics the EXEC
PGM= structure and use LINK, you should not assume that using LINK will
work.
A program that is documented to work with EXEC PGM= may require that
environment and may not work via LINK.
If you're authorized, it's up to you
On Sat, 31 Jan 2015 16:27:29 -0800, Charles Mills wrote:
>Sorry. Was meant to be a private reply.
:0) ... BTDT.
In the past we would have said "no harm done". Now - everyone expects some big
data engine(s) sucking up every bit of personal data for a detailed profile.
IBM proudly trumpets being
Sorry. Was meant to be a private reply.
Charles
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
If you have ongoing problems I have good contacts at CA Security.
Charles
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Scott Ford
Sent: Saturday, January 31, 2015 11:52 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Top-Secret
All:
I
Gil - Thanks for pointing that out.
Sam
On Sat, Jan 31, 2015 at 2:07 PM, Paul Gilmartin <
000433f07816-dmarc-requ...@listserv.ua.edu> wrote:
> On Sat, 31 Jan 2015 12:17:07 -0800, Sam Siegel wrote:
> >...
> >6) ensure that all required DDs have been appropriately allocated
> >
> If this resul
On Sat, 31 Jan 2015 12:17:07 -0800, Sam Siegel wrote:
>...
>6) ensure that all required DDs have been appropriately allocated
>
If this results in DDNAME conflicts with calling program, some utilities
allow you to circumvent this with alternate DDNAME list described in
Utilities Reference.
-- gil
Scott - If TSS program is normally called via JCL with PARM=, then you
would need to do the following:
1) build parm in working storage. Binary halfword immediately followed by
data.
2) Data can be from 0 to 100 bytes in length.
3) length of data, not including length of halfword, is placed in hal
All:
I am looking for documentation on how to issue either a ‘CALL’ in Cobol or
Assembler or a LINK EP= in assembler to TSS module.
I can submit a batch ( from a running STC ) and it works find , but I would
like to perform an internal call of some sort to make our life easier.
All opinions
Greetings ,
Thank you everyone for your valuable suggestions . We are still discussing with
our customer on the possibilities of getting a consultant for this migration .
Thanks a lot !
---
rmally in CICS and/or IMS, but sometimes in batch
code), that will interface to ACF/2 and Top Secret in some pretty odd ways.
There is a well known California Utility company that had batch jobs that would
copy parts of the security files and create flat files and in one case a VSAM
"database&q
When we did our conversion we would have been able to answer 3 of these
questions as YES. Number 3 was a strong "MAYBE". The main reason we did all
of the work ourselves was that the customer agreed to let us get rid of Top
Secret in lieu of RACF, but they were not willing to spend
. Assuming talent is present, does the present staff have the time?
3. How well does the present staff 'intimately' know the content of the
Top Secret database? TS allows some liberties that RACF does not.
Significant complications can arise.
4. Are the shop exit-free? If not, is
www.lcmg.us
-Original Message-
From: Ed Gould
To: IBM-MAIN
Sent: Thu, Dec 19, 2013 4:39 pm
Subject: Re: CA Top secret to RACF conversion
Mark:
I do not care for consultants in general.
ut when you have a project such as conversion like this I will say
his.
IRE a Good consultant it is
, C. Todd (CDC/OCOO/OCIO/
ITSO) (CTR) wrote:
We did this a few years ago and I ended up writing a great deal of
REXX code to read in Top Secret reports and then create the
appropriate RACF commands. It was not an overly painful
conversion, but we did spend a couple of months testing out
o: IBM-MAIN@LISTSERV.UA.EDU,
Date: 12/19/2013 11:33 AM
Subject: Re: CA Top secret to RACF conversion
Sent by:IBM Mainframe Discussion List
On Thu, 19 Dec 2013 10:03:09 -0600, craig.p...@fotlinc.com wrote:
>http://www.redbooks.ibm.com/redbooks/pdfs/sg245677.pdf
>
>T
, if that is of interest.
>
>
On Thu, 19 Dec 2013 16:47:56 +, Burrell, C. Todd (CDC/OCOO/OCIO/ITSO) (CTR)
wrote:
>We did this a few years ago and I ended up writing a great deal of REXX code
>to read in Top Secret reports and then create the appropriate RACF commands.
>It was no
We did this a few years ago and I ended up writing a great deal of REXX code to
read in Top Secret reports and then create the appropriate RACF commands. It
was not an overly painful conversion, but we did spend a couple of months
testing out the process on our test system. I don't
@LISTSERV.UA.EDU,
Date: 12/19/2013 09:19
Subject:CA Top secret to RACF conversion
Sent by:IBM Mainframe Discussion List
Hello all ,
We are planning on a Top secret conversion project where CA top secret
needs to be replaced with RACF . We are on Z/os 1.11 .Can someone direct
Hello all ,
We are planning on a Top secret conversion project where CA top secret needs to
be replaced with RACF . We are on Z/os 1.11 .Can someone direct me towards some
good documentation or manuals to start with ?
Best Regards,
Bob
changes we are making.
Craig
From: Bill Johnson
To: IBM-MAIN@LISTSERV.UA.EDU,
Date: 11/13/2013 16:37
Subject:Re: Security (Top Secret) parm file?
Sent by:IBM Mainframe Discussion List
Are you saying that tech support makes the changes? Or just does what
security
Ebb and flow of security and urinal defense. Some shops have a maint IDs(like
VM)
that will allow them access to resources to do their jobs. What you don't want
to happen is the old paint into corner operations where one group needs to
restore a catalog and the granting resource group is out at
ed to be change..
From: Bill Johnson
To: IBM-MAIN@LISTSERV.UA.EDU,
Date: 11/13/2013 15:31
Subject: Security (Top Secret) parm file?
Sent by: IBM Mainframe Discussion List
Who should be responsible for the Top Secret (V15) parm file? For the past
10 years it has be
x27;s
knowledge of what needed to be change..
From: Bill Johnson
To: IBM-MAIN@LISTSERV.UA.EDU,
Date: 11/13/2013 15:31
Subject:Security (Top Secret) parm file?
Sent by:IBM Mainframe Discussion List
Who should be responsible for the Top Secret (V15) parm file? Fo
Who should be responsible for the Top Secret (V15) parm file? For the past 10
years it has been the security department at our shop. Is that best practice?
TIA,
Bill Johnson
--
For IBM-MAIN subscribe / signoff / archive access
74 matches
Mail list logo