Re: TSO Setup on SSH

Hello Paul, Thanks. So, in pcom session I should use o 992 instead of telnet port 23 which we are currently using it. If yes, then also suggest what more changes we need to make to have 992 tso connection work to access tso On Nov 22, 2016 10:27, "Paul Gilmartin" <

Re: TSO Setup on SSH

On Tue, 22 Nov 2016 11:22:54 +0530, venkat kulkarni wrote: >Thanks. As I am in process of setting up open ssh on our zos system and now >I am able to log in to system on once using my tso I'd with ssh port 22. >But was not able to connect to tso with port 22 by making changes in pcom >session

Re: TSO Setup on SSH

On Tue, 22 Nov 2016 14:20:34 +0800, Timothy Sipples wrote: > >In contrast, TN3270E tunneling over SSH is not that common. The >SSH Tectia Server for z/OS, a commercial product, officially supports 3270 >tunneling over SSH. As far as I know the OpenSSH server included with z/OS >2.2, and its

Re: TSO Setup on SSH

That's not how TN3270E protocols typically work. If you want encrypted TN3270E sessions (you should!), I recommend you enable TLS/SSL-encrypted TN3270E. That capability has been available for two decades now at no additional charge, starting way back in the OS/390 days, and progressively improved

Re: TSO Setup on SSH

On Mon, 21 Nov 2016 23:03:17 -0700, Jack J. Woehr wrote: > >However, on the PCOMM workstation, *if* you have ssh, you can do an ssh port >redirect first, and then you can get >through to the Telnet3270E port on your z/OS machine. > I believe that requires an ssh *server* on the workstation.

Re: TSO Setup on SSH

venkat kulkarni wrote: So, I wanted to take help of expert to make this tso connection work with port 22. Please correct me if my understanding is wrong Well, I'm hardly an "expert". SSH and secure Telnet3270E essentially use the same security technology, that is, OpenSSL. Secure Telnet3270E

Re: TSO Setup on SSH

On Tue, 22 Nov 2016 11:12:51 +0530, venkat kulkarni wrote: >It's on live system not on zpdt. But as I mentioned before I would like to >use secure port 22 to connect with tso instead of telnet port 23. > >Please suggest me the way to make this connection work. > Can you get a secure connection

Re: TSO Setup on SSH

Thanks. As I am in process of setting up open ssh on our zos system and now I am able to log in to system on once using my tso I'd with ssh port 22. But was not able to connect to tso with port 22 by making changes in pcom session connection. So, I wanted to take help of expert to make this tso

Re: TSO Setup on SSH

venkat kulkarni wrote: It's on live system not on zpdt. But as I mentioned before I would like to use secure port 22 to connect with tso instead of telnet port 23. Please suggest me the way to make this connection work. Don't you just want secure TN3270e? You don't need SSH itself.

Re: TSO Setup on SSH

On 22/11/2016 1:42 PM, venkat kulkarni wrote: It's on live system not on zpdt. But as I mentioned before I would like to use secure port 22 to connect with tso instead of telnet port 23. Please suggest me the way to make this connection work. There is no way that I know of. Are you sure you

Re: TSO Setup on SSH

It's on live system not on zpdt. But as I mentioned before I would like to use secure port 22 to connect with tso instead of telnet port 23. Please suggest me the way to make this connection work. On Nov 22, 2016 08:17, "Amrith" < 00ae6d97fc6e-dmarc-requ...@listserv.ua.edu> wrote: > I think

Re: TSO Setup on SSH

I think thats the way it's supposed to be used, you can try using putty if you want to. Are you on real iron or zPDT ? On Tuesday, November 22, 2016 10:22 AM, venkat kulkarni wrote: Hello, Thanks for reply. Sorry for not being clear. Basically I want to

Re: TSO Setup on SSH

On Tue, 22 Nov 2016 10:22:09 +0530, venkat kulkarni wrote: > >Thanks for reply. Sorry for not being clear. Basically I want to use SSH >with port 22 duribg accessing tso using pcom session. Currently we use >telnet with port 22. > Looking at an arbitrarily selected /etc/services I see: ssh

Re: TSO Setup on SSH

On Tue, 22 Nov 2016 08:04:06 +0530, venkat kulkarni wrote: > >We are setting up open SSH with our z/OS system and we are done with making >connection to omvs using SFTP and transfer file to the system and vice >versa. > >But, I still not able to find way to setup secure connection to TSO using

Re: TSO Setup on SSH

Hello, Thanks for reply. Sorry for not being clear. Basically I want to use SSH with port 22 duribg accessing tso using pcom session. Currently we use telnet with port 22. On Nov 22, 2016 06:11, "Paul Gilmartin" < 000433f07816-dmarc-requ...@listserv.ua.edu> wrote: > On 2016-11-21 19:34,

Re: TSO Setup on SSH

On 2016-11-21 19:34, venkat kulkarni wrote: > Hello Group, > > We are setting up open SSH with our z/OS system and we are done with making > connection to omvs using SFTP and transfer file to the system and vice > versa. > > But, I still not able to find way to setup secure connection to TSO

TSO Setup on SSH

Hello Group, We are setting up open SSH with our z/OS system and we are done with making connection to omvs using SFTP and transfer file to the system and vice versa. But, I still not able to find way to setup secure connection to TSO using port 22 ( SSH). Can you please help me to define this

Re: EXTERNAL: Re: Catalogs in a SYSPLEX

All of my Sysplexes each have a shared single MCAT per plex. Setting up a Sysplex is probably where the recommendation to a single MCAT is located. In an emergency the LOADxx can be edited to point to any other MCAT and they will all serve to get a system up and running. Additionally in each

Re: Catalogs in a SYSPLEX

So what is the intent of your configuration? To take advantage of all the wonderfulness that is SYSPLEX :) Separate but equal? Or are they running from a common SYSRES Set? Other??? We will have 2 systems that are identical. They are going to have a common SYSRES with a secondary SYSRES to

Re: Catalogs in a SYSPLEX

You can do either and will some associated issues. Here are some: If you have a MCAT for each LPAR you will have so many MCAT's + its backup to maintain and garbage in it piles up with time. If you have a shared MCAT, you need to maintain one MCAT/SYSPLEX and one backup.At the time of z/OS

Re: Catalogs in a SYSPLEX

By using INDIRECT CATALOG you can use different SYSRES Sets, but the same SYS1.** names. Lizette -Original Message- >From: Lizette Koehler >Sent: Nov 21, 2016 3:10 PM >To: IBM-MAIN@LISTSERV.UA.EDU >Subject: Re: Catalogs in a SYSPLEX > >So the answers are > >

Re: Catalogs in a SYSPLEX

Biggest problem I see with multiple master catalogs is that you have to keep entries in synch. First time you debug a weird problem resulting from out-of-synch catalogs, I think you'll want a single one. As for installing software maintenance, you should alternate between (at least) two

Re: Catalogs in a SYSPLEX

So the answers are It depends on what you want to do Your milage May Vary (YMMV) If you want to access the datasets from either Plex easily, a Shared Master is okay. Remember the master cat should only have Aliases to usercats, and SYS1 datasets for that environment. If you want

Re: Catalogs in a SYSPLEX

I was doing some research and I cannot seem to find any specific mention of using a single shared master catalog in the manuals. It doesn't mean I was looking in the correct manuals it just means that what I had been told may not be 100% accurate. The manuls do seem to IMPLY that a shared

Re: Catalogs in a SYSPLEX

We currently have a 2 LPAR sysplex and the master catalog in not shared. Prior to this job I worked at a shop where we supported sysplexes from a single system to up to 10 LPARs in a single sysplex. The master catalogs were not shared , I think I would put forth one big reason for not sharing

Re: Catalogs in a SYSPLEX

A lot depends on whether you're creating a net new member or combining two existing systems into a single plex. As I said in a previous thread, combining systems is very tough unless you're willing to put up with the vagaries of a 'bronze-plex'. If you're creating a new system, you can clone

Re: Catalogs in a SYSPLEX

At our shop we have three master catalogs in the same sysplex. We run three "levels" of lpars and the master catalogs are by level. Our three tech lpars share a master catalog. Our three application test lpars share a different master catalog. Our 6 production lpars share a different master

Catalogs in a SYSPLEX

We are creating a SYSPLEX of two systems and there seems to be some debate about using a single shared master catalog or multiple master catalogs on each system. The IBM manuals recommend a single shared master catalog but our CE has been advocating multiple catalogs. What are the pros and cons

Re: ASMA033I Storage alignment for unfavorable for dependent DSECT?

On Sun, 20 Nov 2016 22:42:16 +0200, Binyamin Dissen wrote: >I am receiving > >ASMA033I Storage alignment for @DDNTXTU.S99TUPAR unfavorable > >where the value of S99TUPAR is 6, but it is a dependent using and the actual >offset is at a doubleword boundary. > >Working

Re: Which STEPLIB concatenation is not authorized?

On Mon, 21 Nov 2016 09:33:20 -0800, Ed Jaffe wrote: >However, it's not trivial to determine from where you were loaded. It >could be STEPLIB/JOBLIB, it could be LPA, it could be LNKLST. It shouldn't be that hard if you know the member name. Create a DCB for STEPLIB and open it. If that works,

Re: Which STEPLIB concatenation is not authorized?

On 11/21/2016 8:27 AM, Charles Mills wrote: Exactly. That is what I intend to do. Charles John McKown wrote: THE PRODUCT IS NOT APF AUTHORIZED DUE TO THE DSN=SOME.NONAPF.LIBRARY ON VOLUME volser BEING ON THE STEPLIB/JOBLIB​. DSN=SOME.NONAPF.LIBRARY ON volser IS NOT APF AUTHORIZED. ... or

Re: Which STEPLIB concatenation is not authorized?

I believe that's the right approach. For now anyway. You have control. You can build a common routine that any APF product can call during initialization. If IBM ever comes up with a more general solution, you can revisit your solution. . . J.O.Skip Robinson Southern California Edison Company

Re: Which STEPLIB concatenation is not authorized?

One caveat. APF can be modified dynamically without updating PARMLIB. Not necessarily an error if it's the first try with a new application, although in practice it's a red flag. . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager

Re: Which STEPLIB concatenation is not authorized?

Exactly. That is what I intend to do. Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Elardus Engelbrecht Sent: Monday, November 21, 2016 2:58 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Which STEPLIB concatenation is not

Re: ASMA033I Storage alignment for unfavorable for dependent DSECT?

I don't do 64Bit stuff at this point. But, as soon as I can today, I'll go look at the DSECTs... Sent from my iPhone > On Nov 21, 2016, at 12:03 AM, Binyamin Dissen > wrote: > > It is properly aligned in the main dsect. > > ZZZ DSECT >

Re: DFSMSdss DUMP and extended format

http://www.ibm.com/support/knowledgecenter/SSLTBW_2.1.0/com.ibm.zos.v2r1.idad400/coefsds.htm It uses the LBI (Large Block Interface). On Mon, Nov 21, 2016 at 9:25 AM, R.S. wrote: > Since (FAIK) z/OS 1.12 times DSS DUMP output dataset can be extended format > PS. >

DFSMSdss DUMP and extended format

Since (FAIK) z/OS 1.12 times DSS DUMP output dataset can be extended format PS. It's strange: When you omit blocksize (use SDB), the blocksize of the dump dataset will be 27998, for PS, PS-LARGE, and for extended format PS. However for ext-fmt PS there is *one block per track*. Yes, when you

Re: Which STEPLIB concatenation is not authorized?

Not only STEPLIB (and JOBLIB) but also any tasklib, which in fact can be any ddname. And then the problem arises: when should the 'non-apf warming' be issued? You could have a ddname with a concatenation of loadlibraries, that are never going to be used to LOAD modules from, so the warning is

Re: Which STEPLIB concatenation is not authorized?

John McKown wrote: >​But I can see where it would be _very_ nice if an application to do a >TESTAUTH to make sure that it is APF authorized. And, if not, then put out a >message similar to: >THE PRODUCT IS NOT APF AUTHORIZED DUE TO THE DSN=SOME.NONAPF.LIBRARY ON VOLUME >volser BEING ON THE

Re: LDAP on z/os

On Mon, Nov 21, 2016 at 7:27 AM, Tom Marchant < 000a2a8c2020-dmarc-requ...@listserv.ua.edu> wrote: > On Sun, 20 Nov 2016 09:28:40 -0600, Walt Farrell wrote: > > >... and may seriously hurt the performance, reliability, and availability > of your z/OS > >system and the applications running on

Re: Which STEPLIB concatenation is not authorized?

On Mon, Nov 21, 2016 at 7:21 AM, Charles Mills wrote: > > > YOU say it's all authorized. z/OS says it's not. Let's think who's > probably right here. > ​I agree, but I have a couple of friends who are / were in level 1​ support. You'd be amazed by stories of ignorance and

Re: LDAP on z/os

On Sun, 20 Nov 2016 09:28:40 -0600, Walt Farrell wrote: >... and may seriously hurt the performance, reliability, and availability of >your z/OS >system and the applications running on it. Not to mention relying on a platform that is more subject to hacking than a properly configured z/OS

Re: Which STEPLIB concatenation is not authorized?

YOU say it's all authorized. z/OS says it's not. Let's think who's probably right here. CharlesSent from a mobile; please excuse the brevity Original message From: Peter Relson Date: 11/21/16 2:12 PM (GMT+01:00) To: IBM-MAIN@LISTSERV.UA.EDU

Re: Which STEPLIB concatenation is not authorized?

>Would YOU buy a product from a vendor that talked to >you like that? Maybe not. But why wouldn't helpful technical support say "please issue DISPLAY PROG,APF and let me see the output so that I can help you figure out what is wrong?" How do you think conversations go for just about anyone when

Re: Which STEPLIB concatenation is not authorized?

On Sun, 20 Nov 2016 13:41:20 -0600, Paul Gilmartin wrote: >On Sun, 20 Nov 2016 17:01:43 +, Jesse 1 Robinson wrote: > >>the requirements for APF concatenation were invented to protect the customer >> >The particular implementation protects the customer from nothing. Of course it does. Your

Re: Verifying callers Parameter Address upon entry to a PC Service Routine

It is frankly a bit scary to have this question being asked like this, since this is being asked by the owner of authorized code. Karl Schmitz of IBM has given many presentations to many customers and vendors on system integrity. This is a very basis system integrity question, the answer to

Re: Verifying callers Parameter Address upon entry to a PC Service Routine

Although performing validation in your interface routine is never a bad thing, the real validation must *always* be done in the PC routine itself as someone might attempt to invoke your PC by crafting the parameter list manually outside of your interface. Always access caller data in the key

InfoSphere Classic CDC for z/OS

Does anyone have any experience with the above software, as a tool to capture updates to a "classic" VSAM file on the mainframe and propagate them to a open-systems data base? Thanks, Steff Gladstone -- For IBM-MAIN subscribe /