Beware that that certain link-edit attributes such as RENT behave differently if the module is in an apf authorized Linklist or just a regular loadlib. Some attributes are only enforced for an apf authorized linklist - at least they were a few releases of z/os ago - I have not tried them out recently.
-----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Frank Swarbrick Sent: Tuesday, August 04, 2009 2:38 PM To: [email protected] Subject: auth program test (was Re: authorize name/token service) Thanks! Just goes to show you I am not a systems programmer. Anyway, that makes my test even simpler. I wrote a small assembler routine that simply does MODESET KEY=ZERO followed by MODESET KEY=NZERO. I then call this from my Cobol program. (Probably could have just written this as a main program and executed it directly, but...) Anyway, with the Cobol program in PROD.APPL.LOADLIB if I execute it with JOBLIB = PROD.APPL.LOADLIB then I get an S047 "A non-APF-authorized program attempted to use a system service that requires APF authorization. The attempted function was not performed, and the program was immediately terminated." If I drop the JOBLIB and execute it directly out of LNKLST then the MODESET succeeds. These are expected results with LNKAUTH=LNKLST and the program being linked AC=1. Now all I need to do is have LNKAUTH changed to APFTAB to show that I get the S047 in both situations. Please note, I did this not because I didn't believe the answers I received to my query about LNKAUTH=LNKLST versus LNKAUTH=APFTAB. I did. I just need to be able to prove that LNKAUTH=APFTAB will make it so that I can have this library in the LNKLST and still not be authorized. Thanks again, Frank -- Frank Swarbrick Applications Architect - Mainframe Applications Development FirstBank Data Corporation Lakewood, CO USA P: 303-235-1403 F: 303-235-2075 On 8/4/2009 at 10:50 AM, in message <[email protected]>, Binyamin Dissen <[email protected]> wrote: > On Tue, 4 Aug 2009 10:42:45 -0600 Frank Swarbrick > <[email protected]> wrote: > > :>This is a test, this is only a test. I want to perform this only so I can > then be locked out from performing this. I am trying to use a Cobol program > to create a system level token (level 4). This program can successfully > create lower level tokens (levels 1, 2 and 3). I am linking with AC=1 into > the library PROD.APPL.LOADLIB. See below: > > APF is not enough. You must also MODESET to supervisor state or a system > key. > > -- > Binyamin Dissen <[email protected]> > http://www.dissensoftware.com > > Director, Dissen Software, Bar & Grill - Israel > > > Should you use the mailblocks package and expect a response from me, > you should preauthorize the dissensoftware.com domain. > > I very rarely bother responding to challenge/response systems, > especially those from irresponsible companies. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html >>> The information contained in this electronic communication and any document attached hereto or transmitted herewith is confidential and intended for the exclusive use of the individual or entity named above. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering it to the intended recipient, you are hereby notified that any examination, use, dissemination, distribution or copying of this communication or any part thereof is strictly prohibited. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy this communication. Thank you. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
