You might look at the $TDEBUG command in JES2. There is a parm that allows security messages to display from JES2.
It is humongous - so do not leave it on too long. It can flood syslog (and spool) Lizette > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On > Behalf Of Styles, Andy (SD EP zPlatform) > Sent: Monday, December 05, 2016 1:30 AM > To: [email protected] > Subject: Re: JES2 NJE Security > > Classification: Public > That's exactly what we're doing - using the APPCLU class. We've asked CA, and > they're looking into it (I believe, that's the domain of the security folks), > but I wondered whether we're bleeding edge here or if anyone else had tried to > do it.. > > Andy Styles > z/Series Systems Programmer > > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On > Behalf Of Walt Farrell > Sent: 03 December 2016 13:54 > To: [email protected] > Subject: Re: JES2 NJE Security > > -- This email has reached the Bank via an external source -- > > > On Fri, 2 Dec 2016 13:58:40 +0000, Styles, Andy (SD EP zPlatform) > <[email protected]> wrote: > > >We're trying to put some security in place around JES2 NJE nodes, using the > SIGNON=SECURE option (on the NODE statement). We've got it working RACF to > RACF, but are having difficulty with a couple of other security managers, > where the password stored in RACF doesn't appear to be accepted by the other > ESM. > > > >Does anyone else have a mix of security managers, and use SIGNON=SECURE > successfully? > > Just to be clear, I think you're talking about configuring your NJE signon > security as described at > http://publibz.boulder.ibm.com/cgi- > bin/bookmgr_OS390/BOOKS/has2a396/5.3.2.6?SHELF=all13be9&DT=20120815121029 > or > http://preview.tinyurl.com/jzbdwax > > I don't know if that will work with a mix of RACF and other security products. > If CA supports the use of APPCLU session keys and you've configured the non- > RACF systems according to the CA documentation, then I would expect it to > work. I have no idea, though, whether CA supports that function, nor how it > would be configured. You might need to contact CA for assistance. > > -- > Walt > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
