Prior to z/OS R8, the RACROUTE REQUEST=VERIFYX that JES issues to
"authenticate" the job as it's read in occurred in the JES address space.
Effective with z/OS R8 that processing now happens in the submitter's
address space, which can result in messages coming out on a TSO session that
used to only come out in the job log, if the security product recognizes
that it was called from a TSO session and decides to issue a TPUT or WTO
with route code 11.
I think this might also occur in RACF, unless we've fixed it. We did fix
one such case, but might have others that remain.
This is something you'll need to address with the CA support folks, but this
should at least get you/them started down the right path.
--
Walt Farrell, CISSP
IBM STSM, z/OS Security Design
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
