Yes, when I set the MVSLU01 to UACC(READ), it works ... so what can I do? If I set the MVSLU01 to UACC(READ), it's too risky for our shop.

On Mon, Jul 6, 2009 at 6:37 PM, Walt Farrell<[email protected]> wrote:
> On Mon, 6 Jul 2009 09:36:30 +0800, Tommy Tsui <[email protected]> wrote:
>
>>Hi Walt
>>Here is the error message, do you know what's going on ???
>>D NET,APING,ID=MVSLU01
>>
>>
>>IST097I DISPLAY ACCEPTED
>>ICH408I JOB(APPC ) STEP(APPC ) 619
>> LOGON/JOB INITIATION - NOT AUTHORIZED TO APPLICATION MVSLU01
>>IST1489I APING SESSION INFORMATION 618
>>IST1490I DLU=NET1.MVSLU01 SID=FCA742C3B31EE097
>>IST933I LOGMODE=#INTER , COS=*BLANK*
>>IST314I END
>>IST1472I APING TRANSACTION ERROR 620
>>IST1219I RTNCD = 00, FDB2 = 0B
>>IST1002I RCPRI=0004 RCSEC=0005
>>IST1473I SENSE = 080F6051
>>
>
> I don't know how to interpret the VTAM messages without doing some research,
> but the ICH408I should indicate that a user sent in an APPC transaction, and
> the user did not supply a user ID and password, and therefore the user's
> attempt to access APPL (not VTAMAPPL) MVSLU01 failed. As APPC is a server,
> this is not a failure of APPC to access something, but a failure of one of
> APPC's clients. Since it's an unidentified user, you get the JOB/STEP in
> the message.
>
> If you want unauthenticated users sending you APPC transactions, you'll need
> to change the definition of APPL MVSLU01 to UACC(READ). Once you've done
> that, it might work, or you might at least get far enough to find the next
> failure (which I'll guess might be for APPCLU MVSLU01) or the one after that
> (which I'll guess might be for some APPCPORT or for some APPCTP).
>
> Or, you might have some error in your client, where it should be sending in
> a user ID and password but isn't. Or it might be sending identity
> information, but you might have an error in the VTAM configuration options
> for MVSLU01 or in the SESSION segment in the RACF APPCLU profile that
> protects that session.
>
> In any case, VTAMAPPL has nothing to do with this.
>
> --
> Walt Farrell, CISSP
> IBM STSM, z/OS Security Design
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: GET IBM-MAIN INFO
> Search the archives at http://bama.ua.edu/archives/ibm-main.html
> ----------------------------------------------------------------------
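
An added example, not part of the thread and not IBM tooling: a Python triage of the console output quoted above that applies Walt's reading of ICH408I, where a JOB()/STEP() header instead of USER() means the APPC client supplied no user ID. The second ICH408I in the sample (USER01, GRP01) is constructed, and all function names are hypothetical.

```python
import re

# Console lines quoted in the thread, plus one constructed ICH408I for an
# identified user (USER01 / GRP01 / the NAME value are made up).
SAMPLE = """\
IST097I DISPLAY ACCEPTED
ICH408I JOB(APPC    ) STEP(APPC    ) 619
  LOGON/JOB INITIATION - NOT AUTHORIZED TO APPLICATION MVSLU01
IST1472I APING TRANSACTION ERROR 620
IST1473I SENSE = 080F6051
ICH408I USER(USER01  ) GROUP(GRP01   ) NAME(CONSTRUCTED USER    ) 700
  LOGON/JOB INITIATION - NOT AUTHORIZED TO APPLICATION MVSLU01
"""

FIELD = re.compile(r"\b(USER|GROUP|NAME|JOB|STEP)\(([^)]*)\)")
APPL = re.compile(r"NOT AUTHORIZED TO APPLICATION\s+(\S+)")
SENSE = re.compile(r"IST1473I SENSE = ([0-9A-F]{8})")

def group_messages(text):
    """Join each message line with its indented continuation lines."""
    msgs = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace() and msgs:
            msgs[-1] += " " + line.strip()
        else:
            msgs.append(line.strip())
    return msgs

def appl_denials(text):
    """Return one record per ICH408I denial against an APPL profile."""
    out = []
    for msg in group_messages(text):
        m = APPL.search(msg) if msg.startswith("ICH408I") else None
        if not m:
            continue
        fields = {k: v.strip() for k, v in FIELD.findall(msg)}
        identified = "USER" in fields
        out.append({
            "appl": m.group(1),
            "identified": identified,
            "who": fields.get("USER") or fields.get("JOB"),
            # Wording of the two cases follows Walt's explanation above.
            "reason": ("user ID lacks READ to the APPL profile" if identified
                       else "client sent no user ID; only UACC applies"),
        })
    return out

def sense_codes(text):
    """Collect VTAM sense codes reported alongside the denials."""
    return [m.group(1) for msg in group_messages(text)
            if (m := SENSE.match(msg))]
```
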

