Victor,
Thank *you* for posting with the resolution of a problem. Would that
everyone who reports a problem posts the eventual* resolution.
It seems that the problem is/was/may be caused by a the use of a
cryptography definition on the APPL statement similar to - or definitely the
same as - the possible problem with the cryptography start option.
I was going to leave it at that but, just for interest, I thought I'd read
up on cryptography specified at the APPL level - and almost wished I
hadn't - but it's just as well I did.
The problem is that the description of the ENCR operand of the APPL
statement is incomplete and does not show the correct default value. The
little summary of the values at the beginning of the description of the ENCR
operand does not show ENCR=COND although the later description of the
operand values does.
I first suspected that ENCR=COND may be the default and not ENCR=NONE. If
this had been so then simply by installing a cryptography product, you will
cause encryption of messages between LUs to be attempted. Alternatively you
may actually have coded ENCR=COND and the default value of ENCR is something
else.
In order to resolve this problem of how come ENCR=COND was not shown and
what the true default value was, I tried "ENCR=COND" as a search on
WWW.IBM.COM expecting to "hit" APARs - and it worked. The oldest APAR of 3
is a summary of changes to the VTAM Resource Definition Reference manual for
VTAM V4R1, with "Submitted date 1993-05-27". This, of course, is the very
manual that has signally failed to be updated in its current guise.
Here is the text from the APAR, II07015, which includes what the current
manual should say for the APPL statement ENCR operand value summary,
including an indication of the default value:
<quote>
o Application Program Major Node
- ENCR operand, p. 37, the railroad syntax is changed to show OPT as the
default value:
|
| .-ENCR=OPT--------.
| >>--+-----------------+-------------------><
| | .-OPT--. |
| '-ENCR=-+------+--'
| |-COND-|
| |-NONE-|
| |-REQD-|
| '-SEL--'
</quote>
You'll need to copy that into a text file and apply a non-proportional font
in order to see it correctly I expect.
So ENCR=OPT is the default value and the description of ENCR=OPT reads as
follows:
<quote>
ENCR=OPT
Specifies that the application program has no special cryptographic
requirements; its cryptographic capability is the same as the host
processor's capability.
</quote>
What does host processor's capability mean I wonder. This could be a rather
obscure way of saying that the value of the ENCRYPTN start option is used to
define the level of cryptography that will be used. Where does that leave
us? Back with my original reply for which nevertheless I can't really claim
any credit.
Checking back to the ENCRYPTN start option, if you really don't want VTAM to
be using encryption, you had better specify ENCRYPTN=NO. In addition, with
ENCRYPTN=YES, the default, and with a cryptography product installed and if
that product supports (only?) 24-bit addressing mode, you will/may find that
your VTAM I/O buffers can use only 24-bit storage - which you almost
certainly also don't want.
My conclusion to this is that I think I'm going to have a go at rattling the
cage of the VTAM manual authors who have, in my opinion, been caught "bang
to rights, m'lud, guilty as charged".
* I am here using the word "eventual" in the English sense rather than the
French sense and very probably the sense in other European languages. In
other words, I am not taking about a *possible* resolution but an *actual*
resolution. The word "eventual" is one of those "false friends" which can
cause massive confusion.
Chris Mason
----- Original Message -----
From: "Víctor de la Fuente" <[EMAIL PROTECTED]>
Newsgroups: bit.listserv.ibm-main
To: <[email protected]>
Sent: Tuesday, 07 March, 2006 1:26 PM
Subject: Re: Annoying ICSF-RACF message
Hi Chris!
I'm not an expert with VTAM, but I was investigating and I'm almost sure the
'problem' is there are several VTAM APPLs defined with ENCRYPTION optional.
I readed when two APPLs are defined as OPTIONAL, if there is some
cryptographic software installed on the system, they try to use it. But they
have no RACF permission to use ICSF, so there was the problem.
Thank you very much!
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
