Yes, we tried that, and on our test plexes‎, but to no avail. As you say, it can generate tons of output, but unfortunately nothing to explain the problem.
We think now that different products use different ciphers to encrypt the session key, thus don't get the same answer. Andy Styles z/Series Systems Programmer Original Message From: Lizette Koehler Sent: Monday, 5 December 2016 18:36 To: [email protected] Reply To: IBM Mainframe Discussion List Subject: Re: JES2 NJE Security -- This email has reached the Bank via an external source -- You might look at the $TDEBUG command in JES2. There is a parm that allows security messages to display from JES2. It is humongous - so do not leave it on too long. It can flood syslog (and spool) Lizette > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On > Behalf Of Styles, Andy (SD EP zPlatform) > Sent: Monday, December 05, 2016 1:30 AM > To: [email protected] > Subject: Re: JES2 NJE Security > > Classification: Public > That's exactly what we're doing - using the APPCLU class. We've asked CA, and > they're looking into it (I believe, that's the domain of the security folks), > but I wondered whether we're bleeding edge here or if anyone else had tried to > do it.. > > Andy Styles > z/Series Systems Programmer > > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On > Behalf Of Walt Farrell > Sent: 03 December 2016 13:54 > To: [email protected] > Subject: Re: JES2 NJE Security > > -- This email has reached the Bank via an external source -- > > > On Fri, 2 Dec 2016 13:58:40 +0000, Styles, Andy (SD EP zPlatform) > <[email protected]> wrote: > > >We're trying to put some security in place around JES2 NJE nodes, using the > SIGNON=SECURE option (on the NODE statement). We've got it working RACF to > RACF, but are having difficulty with a couple of other security managers, > where the password stored in RACF doesn't appear to be accepted by the other > ESM. > > > >Does anyone else have a mix of security managers, and use SIGNON=SECURE > successfully? > > Just to be clear, I think you're talking about configuring your NJE signon > security as described at > http://publibz.boulder.ibm.com/cgi- > bin/bookmgr_OS390/BOOKS/has2a396/5.3.2.6?SHELF=all13be9&DT=20120815121029 > or > http://preview.tinyurl.com/jzbdwax > > I don't know if that will work with a mix of RACF and other security products. > If CA supports the use of APPCLU session keys and you've configured the non- > RACF systems according to the CA documentation, then I would expect it to > work. I have no idea, though, whether CA supports that function, nor how it > would be configured. You might need to contact CA for assistance. > > -- > Walt > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN Lloyds Banking Group plc. Registered Office: The Mound, Edinburgh EH1 1YZ. Registered in Scotland no. SC95000. Telephone: 0131 225 4555. Lloyds Bank plc. Registered Office: 25 Gresham Street, London EC2V 7HN. Registered in England and Wales no. 2065. Telephone 0207626 1500. Bank of Scotland plc. Registered Office: The Mound, Edinburgh EH1 1YZ. Registered in Scotland no. SC327000. Telephone: 03457 801 801. Cheltenham & Gloucester plc. Registered Office: Barnett Way, Gloucester GL4 3RL. Registered in England and Wales 2299428. Telephone: 0345 603 1637 Lloyds Bank plc, Bank of Scotland plc are authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and Prudential Regulation Authority. Cheltenham & Gloucester plc is authorised and regulated by the Financial Conduct Authority. Halifax is a division of Bank of Scotland plc. Cheltenham & Gloucester Savings is a division of Lloyds Bank plc. HBOS plc. Registered Office: The Mound, Edinburgh EH1 1YZ. Registered in Scotland no. SC218813. This e-mail (including any attachments) is private and confidential and may contain privileged material. If you have received this e-mail in error, please notify the sender and delete it (including any attachments) immediately. You must not copy, distribute, disclose or use any of the information in it or any attachments. Telephone calls may be monitored or recorded. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
