On Sun, 15 Mar 2015 18:07:49 -0700 Charles Mills <[email protected]> wrote:
:>Wish the authorized-only chore could be done *before* the called program. :>Then I could set off JSCBAUTH before the LINK (or XCTL), but it probably has :>to be done after. Need to do a little more research. Yes, you can do what CICS does - turn off JSCBAUTH, go to problem state/key and you are no longer authorized. Issues with using RSAPF include making sure that all your (APF) storage is in system key - once the subtask runs you cannot use user key storage safely (as the attached routine may have altered it). :>-----Original Message----- :>From: IBM Mainframe Discussion List [mailto:[email protected]] On :>Behalf Of Shmuel Metz (Seymour J.) :>Sent: Sunday, March 15, 2015 2:52 PM :>To: [email protected] :>Subject: Re: APF-authorized calling non-authorized :> :>In <[email protected]>, on 03/15/2015 :> at 11:37 AM, Charles Mills <[email protected]> said: :> :>>What do you suggest? :> :>Can you package the things that require authoriztion as an AC(1) TSO command :>with authorization checking, then have X invoke both that and Y? -- Binyamin Dissen <[email protected]> http://www.dissensoftware.com Director, Dissen Software, Bar & Grill - Israel Should you use the mailblocks package and expect a response from me, you should preauthorize the dissensoftware.com domain. I very rarely bother responding to challenge/response systems, especially those from irresponsible companies. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
