On 2/24/2006 12:46 PM, Jim Keohane wrote:
Has anyone heard of R_Admin/IRRSEQ00 invoking ACF2 or TSS at least for just
a TSO admin command via function code ADMN_RUN_COMD?
R_Admin/IRRSEQ00 is a SAF Callable Service. The SAF implies some standard usage
across different ESM's (external security managers) like RACF, ACF2 & Top
Secret.
No, SAF does not imply that. It implies that the other security
products -should- support the function, but whether they -do- or not is
entirely up to them.
R_admin is a bit of an oddity, since with the exception of the "run
command" option it is quite RACF-specific in format. However, the other
security products could support that one, if they wish to, and they
could (again if they wish) do some kind of mapping of the more
structured formats into their own terms.
I think IRRSEQ00 invokes IRRREQ00 under the covers to invoke RACF. Is there
an ACF2 or TSS version of IRRREQ00? Does ACF2 or TSS use the pre-RACF exit to
massage RACF parameters?
RACF provides IRRREQ00. But that's too a level to look at. IRRSFR10
(the SAF2 callable service router) invokes whatever the SAF vector table
points to. The security product initialization routines fill in the
address in the SAF vector table. RACF provides the address of IRRRFR10
in the vector table in order to support the callable services. ACF2 and
Top Secret would supply their own addresses.
RACF's IRRFRF10 happens to invoke IRRREQ00 (a module also supplied by
RACF). ACF2 or Top Secret would invoke whatever module they want, or no
module at all if they do not want to support a particular function.
I assume TSOLINK (IKJEFTxx?) can be used to issue ACF2/TSS TSO commands but
prefer to use IRRSEQ00/R_Admin in some instances.
I have no idea whether either approach would work.
Walt Farrell, CISSP
z/OS Security Design, IBM
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
