On 3/7/2006 3:12 AM, Víctor de la Fuente wrote:
We have annoying RACF-error messages for some time. These are related to
ICSF. They look like...
ICH408I JOB(VTAM ) STEP(VTAM1D ) CSFKGN CL(CSFSERV )
INSUFFICIENT ACCESS AUTHORITY
FROM CSF* (G)
ACCESS INTENT(READ ) ACCESS ALLOWED(NONE )
I can't answer your question, but I will point out that the ICH408I says
JOB and STEP, rather than USER and GROUP, which may indicate that your
VTAM started proc is running without a RACF identity. In order to grant
access, if you want to do so, you would need to correct that setup
problem, using either ICHRIN03 or (preferrably) the STARTED class.
There is, however, also the possibility that VTAM is accessing the
crypto functions while acting as a server on behalf of some other
address space or remote client that does not have a RACF identity. You
may want to look at the messages generated when VTAM started to
determine which case applies to you.
Walt Farrell, CISSP
z/OS Security Design, IBM
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
