On Thursday, 10/28/2010 at 12:24 EDT, Jim Bohnsack <[email protected]> wrote: > I'm still struggling in my attempt to set up or correct something that > I've screwed up in BFS and/or RACF to allow BFS to be able to support > SSL on z/VM 5.4. I've been told by IBM I need to work thru the > Controlling OpenExtensions and BFS Security chapter in the RACF Security > Admin. Gde, ch 14 for the 5.4 doc or ch 12 for the 6.1 doc. IBM > referenced the 6.1 doc even tho I told them I'm working with 5.4. > > My immediate question is under the heading, "Setting up Support for > OpenExtensions" , p 214 of the 6.1 level manual, where it says: > > 3. Identify your BFS service machine user IDs to RACF: > a. Create a profile called POSIXOPT.SETIDS in the VMPOSIX class. > b. Permit the BFS service machine user IDs. > c. If it is not active already, activate the VMPOSIX class. > > This is where the Dummies question arises. What are the BFS service > machines as they relate to SSL use. Are they the VMSERVS, U, and R > userids? Are they GSKADMIN and/or SSLSERV. Is TCPIP involved since > it's in the area of TCPIP where my PUT2PROD fails.
They are VMSERVS and VMSERVU. The POSIXOPT.SETIDS permission is used instead of the POSIXOPT SETIDS ALLOW that is in their directory entries. Alan Altmark z/VM and Linux on System z Consultant IBM System Lab Services and Training ibm.com/systems/services/labservices office: 607.429.3323 [email protected] IBM Endicott
