Hi, All,
Posted this to RACF-L earlier, but thought I might get some input from
here, too.
_____________________________________________
Hi, All,
Installing the RACF Adapter for Tivoli Identity Manager
(TIM), and have reached this point:
User ID propagation The adapter running in UNIX System
Services must have the ability to propagate the RACF user ID it is
running as, to the APPC/MVS environment. This is accomplished through
the definition of one or more profiles in the RACF APPCLU general
resource class.
All of the examples in that section are of the form:
RDEFINE APPCLU netid.baselu.baselu
SESSION(CONVSEC(ALREADYV) SESSKEY(xxxxxxxx))
These examples suggest that coding SESSKEY( ) is
"required", but the syntax diagram in the RACF CLR shows SESSKEY as
"optional". Indeed, of the few APPC/MVS transactions we have defined
already, none have an APPCLU profile defined. The APPCLU class is
active, but empty.
Since both ends of TIM's APPC/MVS conversation will
reside in the same z/OS image, would a SESSKEY really be "needed"? If
so, is the value something that needs to be "generated" somehow, or is
it just an arbitrary string of 8 characters?
Any adverse consequences of -not- creating the APPCLU
profile(s)?
TIA,
-jc-
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
