Thanks much folks, Alan Altmark provided a detailed response on VMESA-L.
-Mike _____ From: Linux on 390 Port [mailto:[email protected]] On Behalf Of Gary Detro Sent: Friday, June 12, 2009 10:01 AM To: [email protected] Subject: Re: RACF and Linux for z/Series You do Not need the H-Asm for RACF on z/VM. You would only need it if you want to make local modifications to the RACF environment. Without HASM you can run in one of two modes, very light RACF involvement or turn it on to have RACF manage almost everything in z/VM (Appendix C documents the method to change the default of DEFER to FAIL. See the z/VM Secure Configuration Guide (SC24-6148) and the RACF program directory. The program directory will list everything that requires HASM as an optional step. HCPRWA Assemble is the key file, notice everything is set to DEFER: HCPRWA RB0L0001 E1 F 80 Trunc=80 Size=137 Line=120 Col=1 Alt=2 ====> 120 SYSSEC , X 121 DISKP=ALLOW,DISKU=DEFER,DISKF=FAIL,DISKW=DEFER,DISKM=ON,X 122 RDRP=ALLOW,RDRU=DEFER,RDRF=FAIL,RDRW=DEFER,RDRM=ON, X 123 NODEP=ALLOW,NODEU=DEFER,NODEF=FAIL,NODEW=DEFER,NODEM=ON,X 124 CMDP=ALLOW,CMDU=DEFER,CMDF=FAIL,CMDW=DEFER,CMDM=ON, X 125 LANP=ALLOW,LANU=DEFER,LANF=FAIL,LANW=DEFER,LANM=ON 126 SPACE 3 Adding HCPRWAC to CP will change HCPRWA to the following: HCPRWA RB0L0001 E1 F 80 Trunc=80 Size=137 Line=120 Col=1 Alt=2 ====> 120 SYSSEC , X 121 DISKP=ALLOW,DISKU=FAIL,DISKF=FAIL,DISKW=FAIL,DISKM=ON, X 122 RDRP=ALLOW,RDRU=FAIL,RDRF=FAIL,RDRW=FAIL,RDRM=ON, X 123 NODEP=ALLOW,NODEU=FAIL,NODEF=FAIL,NODEW=FAIL,NODEM=ON, X 124 CMDP=ALLOW,CMDU=FAIL,CMDF=FAIL,CMDW=FAIL,CMDM=ON, X 125 LANP=ALLOW,LANU=FAIL,LANF=FAIL,LANW=FAIL,LANM=ON 126 SPACE 3 Thanks, Detro From: Thomas David Rivers <[email protected]> To: [email protected] Date: 06/12/09 08:49 AM Subject: Re: RACF and Linux for z/Series _____ Hi Mike, It's my understanding that for RACF on z/VM you need an assembler. We have several customers using the Dignus assembler on z/VM for this very purpose, to avoid the purchase price of HLASM on z/VM. HLASM used to be a no-cost item on z/VM but now it carries a cost. So, if you decide to go the "RACF on z/VM" road, we can help with that component. - Dave Rivers - > (Cross posted on VMESA-L and LINUX-390) > > Hi Folks, > > I have a couple of questions on using IBM's RACF as an ESM for Linux > (z/Series or otherwise)? > > 1. There is NO version of the RACF product that runs on Linux. The > RACF server must be licensed for and run on a supported platform (e.g. > z/OS or z/VM). Is that correct? If z/VM, it must be 5.4 or higher? > 2. If the RACF server runs on z/VM, are there any other licensed > program products that are co-requisite? Is the same true for z/OS-based > RACF servers? > 3. Are there any licensed program products that must be installed > on Linux? I see reference to IBM Tivoli Directory Server, but it's > unclear if this runs on the Linux instances or the z/Series RACF hosts. > > -TIA > > -Mike > -- [email protected] Work: (919) 676-0847 Get your mainframe programming tools at <http://www.dignus.com/> http://www.dignus.com ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit <http://www.marist.edu/htbin/wlvindex?LINUX-390> http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
<<ATT2882686.gif>>
