On Mon, 27 Apr 2015 12:05:47 -0500, Donald Likens
wrote:
>What am I missing? Isn't PLO Function Codes 16-19 (Compare and Swap and Double
>Store) updating three locations?
>
>Direct out of the "Principle of Operations":
>
>The first-operand comparison value is compared
>to the second operand. Wh
On Tue, 21 Apr 2015 16:39:00 +, Rob Scott wrote:
>No matter what you fiddle about with in SWA, these GRS resource manager
>routines will enable GRS to cleanup any underlying
>resources obtained by the task or address space.
Yes, but only for abnormal termination of the Initiator TCB, or fo
On Wed, 8 Apr 2015 07:38:53 -0500, Bruce Hewson
wrote:
>jumping in before I have read all posts this thread.
>
>I hope your BATCH TSO USERID is maximum 7 characters, as an 8 character USERID
>will not work correctly for BATCH TSO.
>
Small correction: batch TSO works just fine running with an 8
On Tue, 7 Apr 2015 17:26:48 -0300, Lucas Rosalen
wrote:
>CSDOMVS.JAVA64.NACB.VZRES21.SAJV17L.ZFS is one of many datasets present in
>the dump dataset and I don't have CSDOMVS ALIAS defined to my system, and
>no RACF profile protecting it as well.
If there's no RACF profile protecting CSDOMVS.JA
On Thu, 19 Mar 2015 18:43:45 -0500, Dale R. Smith
wrote:
>
>If you are not adverse to chasing MVS control blocks from COBOL code, (instead
>of using a system interface like RDJFCB), then take a look at some sample
>COBOL code written by Gilbert Saint-Flour at the bottom of this page:
>http:/
On Tue, 17 Mar 2015 09:14:56 -0500, John McKown
wrote:
>I just had a thought (and it's lonely). You start off APF authorized,
>key 8 as a "normal" APF program. You want to run program "B" from the
>STEPLIB, but without APF authorization. Perhaps the simplest way is to
>use SYNCHX something like:
On Tue, 17 Mar 2015 13:28:29 -0500, John McKown
wrote:
>On Tue, Mar 17, 2015 at 10:43 AM, John McKown
> wrote:
>>
>> Being a paranoid heretic, I would go the UNIX route and figure out a
>> way to run the untrusted code in a child process in another address
>> space by using fork() and, likely, a
On Tue, 17 Mar 2015 17:58:16 +0100, Thomas Berg wrote:
>May an ignorant peek in here... :)
>
>Just as a concept and theoretically; wouldn't a way to secure that the key 8
>storage is untouched is to save a hash of the content in >system key area
>(with a random salt) ? Then just compare the ha
On Tue, 17 Mar 2015 10:43:14 -0500, John McKown
wrote:
>All of the above is very true. But as I understand the original
>problem, it is how to run untrusted code in the same address space as
>APF authorized code. IMO, this, in and of itself, is a possible?
>integrity exposure in z/OS. The only r
On Tue, 17 Mar 2015 13:01:42 -0500, John McKown
wrote:
>Now that I think on it, one could "mess up" the "rogue" programs
>attempts to modify an RSA by deliberately messing up the savearea
>chain pointers in the save area pointed to by TCBFSA to defeat forward
>save area chaining (perhaps copying
On Tue, 17 Mar 2015 11:19:56 -0400, Tony Harminc wrote:
>On 17 March 2015 at 10:52, John McKown wrote:
>>> Of course, after this snippet the authorized section cannot trust the
>>> contents
>>> of any key8 storage.
>>>
>>
>> Yes, I can see how that can be true. Of course, I don't know of a
>> _
On Tue, 17 Mar 2015 08:40:51 -0500, John McKown
wrote:
>On Tue, Mar 17, 2015 at 8:18 AM, Shmuel Metz (Seymour J.)
> wrote:
>> In <5c91d5e7-95b6-439d-87a7-111003a2f...@comcast.net>, on 03/16/2015
>>at 10:52 PM, Ed Gould said:
>>
>>>Legally "no" but it can be done .
>>
>> You can, legally, tu
On Tue, 17 Mar 2015 09:14:56 -0500, John McKown
wrote:
>I just had a thought (and it's lonely). You start off APF authorized,
>key 8 as a "normal" APF program. You want to run program "B" from the
>STEPLIB, but without APF authorization. Perhaps the simplest way is to
>use SYNCHX something like:
On Mon, 16 Mar 2015 18:30:19 +, Cannaerts, Jan
wrote:
>As for my problem;
>
>I have made a small test program that holds a piece of storage paged in
>memory, it spits out the virtual address to that piece of memory on sysprint
>so that I can easily retrieve it. Calling the assembler routin
On Mon, 16 Mar 2015 15:05:37 -0500, Paul Gilmartin wrote:
>When I whined about the "(how?)" in connection with SMP/E a few years ago,
>before I knew even what little I now suspect about the nature of the weakness,
>Walt replied with words similar to "reasonable caution". I take that to mean
>tha
On Mon, 16 Mar 2015 12:53:08 -0500, Paul Gilmartin wrote:
>OTOH, a vendor with a program which:
>
>o Uses IEBCOPY
>
>o Must be AC(1) for reasons not related to IEBCOPY
>
>... is now impacted in that calling IEBCOPY causes his program to lose
>authorization/
>ABEND/whatever.
Not true, gil. A pro
On Mon, 16 Mar 2015 08:33:31 -0700, Charles Mills wrote:
>Walt, not sure how your first paragraph invalidates my request or suggestion.
>
>If an authorized program had the option to run a "sub-task" (in a very
>generic, non-MVS sense of the word task) non-authorized, how
>would doing so then pre
On Sun, 15 Mar 2015 12:58:24 -0700, Charles Mills wrote:
>Agree with Gil's last comment 100%. Or give me an option: program Y does not
>need authorization any more than it would if called natively. Why can't I have
>the option to LINK to it APF=NO?
>
>FWIW, 'Y' will be hard-coded, and the user
Using fork() is not a problem, John, and has long been recommended as one
separation mechanism that would allow safer mixing of APF and non-APF programs.
The DDs will be the big problem, especially (as in Charles's case) where he's
invoking a program he does not control. That program will expect
On Mon, 23 Feb 2015 16:30:42 +0530, Jake anderson
wrote:
>I have specified the letter 'Y' at the 71st column and I have continued the
>next definition in First Column.
>
>...snipped...
>>
>> >MOUNT FILESYSTEM('M.R.E.PP.ZFS')
>> >MOUNTPOINT('/u/users/fffworke/mfcharl/msinstal/chrr080/
On Thu, 5 Feb 2015 18:12:04 +0200, Binyamin Dissen
wrote:
>
>I wou;d have expected that there would be a simple approach to rename the VVDS
>and recatalog all vsam items.
Have you posted any of the error messages yet? Or the specific DEFINE RECATALOG
commands you've tried?
Without seeing what
On Mon, 2 Feb 2015 11:40:13 -0500, Scott Ford wrote:
>The STC is autrhorized runs AC(1) from a APF authorized library. We have
>been using r_admin to pass commands and retrieve output to other external
>security subsystems ( i,e.; ACF2 and TSS ).
>But functionally, TSS supports FDT , user defned
On Sun, 1 Feb 2015 14:30:26 -0500, Scott Ford wrote:
>The command in question runs in TSO/E Option # 6 and can be executed via
>IKJEFT01 in batch. With these two options being true , can i write a
>command processor using IKJEFSI,IKJEFSR ..etc. ?
>My issue is we run as a STC ...i want to be able
On Wed, 24 Dec 2014 18:07:30 -0500, Micheal Butz
wrote:
>There is a homegrown clist that I want to use in Bach job
>This isn't APF authorized
What's wrong with something like:
// EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSPROC DD DSN=your.clist.library,DISP=SHR
//SYSTSIN DD *
%your-clist
On Wed, 24 Dec 2014 17:23:33 -0500, Micheal Butz
wrote:
>I think I would have to call IKJTSOEV
>To set up a TSO environment in a batch program before I called IKJEFTSR
You haven't told us enough about your program and its environment, really. But
if it runs in a standard batch job then just
On Wed, 24 Dec 2014 04:55:19 -0800, Charles Mills wrote:
>Briefly, I would like to add a JCLLIB/INCLUDE to a proc in the PROCLIB
>concatenation. I have to go with my hat in my hand to the powers that be to
>edit the PROCLIB. (No approval needed for the specific changes; just to make
>any change.)
This also may not be your problem, but I notice in the ISPF documentation for
the EDIT RECOVERY command the following caveat:
Note: For edit recovery to work properly, the data set to be recovered, the
edit recovery data set, and the edit recovery table all must exist, be
cataloged, and be inta
On Sun, 14 Dec 2014 19:44:07 +, J O Skip Robinson
wrote:
>Right on Walt. But I swore decades ago never to write a new CLIST. I'm too old
>to change. ;-)))
Sorry, Skip, but you need the right tool for the job, and sometimes CLIST is it
:)
(But using Console instead of the long obsolete OP
On Sat, 13 Dec 2014 23:33:12 -0500, Shmuel Metz (Seymour J.)
wrote:
>In
>,
>on 12/13/2014
> at 06:53 PM, J O Skip Robinson said:
>
>>Since there's no actual WTOR, I cannot invoke a second REXX to
>>continue the conversation.
>
>What are you trying to say? If you can invoke a REPLY command the
On Sun, 14 Dec 2014 01:54:26 -0600, Paul Edwards wrote:
>I don't have z/OS so I can't do this myself.
>
>Would someone who has z/OS be able to raise an
>issue either directly with IBM or via SHARE?
>
>The problem is that IBM's ftp has a great option
>to preserve RDW when transferring a binary VB
On Sun, 7 Dec 2014 19:00:14 -0700, Lizette Koehler
wrote:
>Are the zVM volumes online to z/OS? Do they have a OS Style vtoc?
How did z/VM become part of the question?
--
Walt
--
For IBM-MAIN subscribe / signoff / archive ac
On Tue, 21 Oct 2014 07:13:50 -0500, Elardus Engelbrecht
wrote:
>Barry Merrill wrote:
>
>>-A flag in RACF Unload file (RAC900: USS RACF BASIC RECORD)
>> APF CHAR 4 APF BIT ON?
>
>Sorry, I don't find it in my RACF books. Not in SMF unload or RACF unload
>chapters either. Wher
On Sat, 18 Oct 2014 23:39:12 +0300, Binyamin Dissen
wrote:
>Is there some kind of USS communication path available? The standard MVS XMEM
>post requires APF.
You wouldn't be posting; you'd be sending messages back and forth through one
of a variety of UNIX communication mechanisms.
--
Walt
On Sat, 18 Oct 2014 12:23:34 -0500, Victor Gil
wrote:
>Well, I have no experience with forking an address space, but how would the
>two communicate? Usually, there is some sort of common shared storage which
>does require APF authorization to establish and cleanup.
>
In the UNIX paradigm (w
On Fri, 17 Oct 2014 12:37:17 -0500, Victor Gil
wrote:
>Thanks! This would be a totally different ball game as it brings an extra
>layer of communication between the address spaces. This would also require
>extra "authorization" which wouldn't fly well with the management
Yes, it requires e
On Fri, 17 Oct 2014 10:56:39 -0500, Paul Gilmartin wrote:
>fork() should return a descriptor that the parent can use to kill() the child.
>I don't know that meets the "quietly" requirement. The child could trap
>the signal and terminate in an orderly manner. (Does execmvs() return
>a PID?)
In
On Thu, 16 Oct 2014 13:00:12 -0500, Victor Gil
wrote:
>Working on a general purpose callable subroutine to connect to a remote DB2
>subsystem and return values back to the caller.
>
>Since the caller may [and WILL] have established its own DB2 connection to a
>local DB2 subsystem, possibly wit
On Wed, 17 Sep 2014 15:29:46 -0500, John McKown
wrote:
>OK, I've run across yet another thing to "whine" about. The IBM C
>compiler, tested on z/OS 2.1, does not support a "three parameter"
>main() function. What I mean is that
>
>int main(int argc, char *argv[]) works properly, but
>int main(in
On Fri, 29 Aug 2014 17:47:03 -0500, Paul Gilmartin wrote:
>
>_UNIX03=NO cp -B -P'SPACE=(1,(0,300)),BLKSIZE=0' /dev/fd/0
> //TEMP.CBT854.ZIP
As I understand the JCL SPACE parameter, SPACE=(1,(0,300)) asks for a
primary space allocation of 0, with a secondary space allocation of 300,
On Tue, 26 Aug 2014 18:02:01 -0400, Micheal Butz
wrote:
>It hasn't retried
>
>I establish an estaex in the begining
>Of My program then load another program
>The second program gets a S0C4
>I get an ISP message re a S0C4 and the program ends my routine
>Never has a chance to examine
>It poin
On Thu, 14 Aug 2014 03:44:00 -0400, Shmuel Metz (Seymour J.)
wrote:
>In
>,
>on 08/13/2014
> at 07:08 AM, John McKown said:
>
>>I don't know if the POPS says anything about this or not.
>
>In general, PoOps describes data structures and instructions, not the
>performance ramifications, which w
On Wed, 13 Aug 2014 13:16:17 +0300, Binyamin Dissen
wrote:
>I allocated some storage in key9 so that one need not switch keys to
>access/update. It seems to cause the code to use slightly more CPU.
>
I wouldn't think there would be any noticable effect on CPU time; it's all
handled in the hard
Regarding use of RD&T for System z for a sysplex configuration: If I'm reading
everything correctly, the sysplex support (with virtualized CF) is available
only if you license RD&T in the RVU (Resource Value Unit) license
configuration, rather than using the Authorized User license. With the RVU
On Mon, 4 Aug 2014 12:55:10 -0400, Micheal Butz wrote:
>Wait open at step initiation
>
>I am talking about TSOLIB which I
>Believe I can load am APF authorized program from
Yes, you can load APF-authorized programs from TSOLIB, _if_ all the data sets
in the TSOLIB concatenation are APF-authoriz
On Mon, 28 Jul 2014 09:07:16 -0500, Paul Gilmartin wrote:
>On Sun, 27 Jul 2014 22:01:02 -0400, Jim Mulder wrote:
>
>>> There is some sharing across address spaces via z/OS Unix of program
>>> objects that live in the file system, using what I think of as shared
>>> private.
>>>
>>> Peter Relson
On Mon, 21 Jul 2014 13:58:57 -0400, Ken Smith wrote:
>ISKLM = IBM Security Key Life Cycle Manager - used for Tape (and DASD
>subsystem) encryption.
>
>Working fine except the piece that can create SMF audit records type 83/6 -
>security events isn't working. IBM Level 2 stumped. Works for them
On Wed, 9 Jul 2014 14:26:59 -0400, Micheal Butz wrote:
>I tried L AR(0)
>
>It gives me a error message invalid address
>
>L 0. AR(0) on the right side will show contents of Alet in r0
If you read the manual, starting with the perhaps most obvious one, TSO/E
Command Reference, which describes T
On Tue, 8 Jul 2014 08:03:19 -0500, Elardus Engelbrecht
wrote:
>Walter Farrell wrote:
>
>>I really wish we knew what ISV he works for so everyone could avoid their
>>products, or perhaps contact their management and tell them he's a seriously
>>dangerous programmer.
>
>>And yes, I wish no one w
On Mon, 7 Jul 2014 02:50:11 -0400, Micheal Butz wrote:
>I am getting a 306-0C as i was trying to load from steplib when one of the
>libs in the concatenation was not authorized to remedy the situation in my
>recovery routine I intercept the abend and prompt the user for a valid library
>I then
On Thu, 3 Jul 2014 20:13:59 -0400, John Gilmore wrote:
>This is yet another example of the typo-in-the-subject-line syndrome
>that will make this entire thread moot in the archives. No one who
>would benefit from finding and reading it will be able to do so.
A formal search of the archive, usin
On Mon, 30 Jun 2014 11:19:40 -0400, John Gilmore wrote:
>No!
>
>Positional and keyword arguments may be "freely interspersed" in macro
>instructions.
We're not talking about macro instruction operands. We're talking about the
macro instructions that define operands of TSO commands, and for TSO
On Mon, 30 Jun 2014 06:59:49 -0400, Micheal Butz
wrote:
>The whole scenario was interactive
>
>Bottom line why when I use IKJPOSIT with DSNAME operand
>And I enter a 8 character load module does it come back with invalid keyword
Because, I believe, positional operands must come before keyword
On Fri, 27 Jun 2014 21:29:30 +, Ward, Mike S wrote:
>Hello all, I am trying to learn more about crypto, so I am reading the manual
>on generating certificates and public/private key pairs. The >manual says that
>if I specify ICSF in the RACDCERT GENCERT command "the key pair is generated
>
On Fri, 27 Jun 2014 15:39:10 -0400, Micheal Butz
wrote:
>Okay thanks
>
>It still doesn't make sense to me
>If inadvertently did something I am already authorized
Yes, but you're trying to run code that is not yours, is not supposed to run
authorized, and has not been tested to ensure that _it
On Fri, 27 Jun 2014 11:01:36 -0400, MichealButz wrote:
>Rob,,
>
>I can't use the TSO service facility IKJEFTSR ( I would like issue certain
>non-authorized TSO commands) because my program is in IKJEFTSOxx
>AUTHPGM/CMD
>
>I know that PC rtn's are separate entities so I am looking for the PC rtn
On Fri, 27 Jun 2014 11:29:01 -0400, MichealButz wrote:
>Why cant I issue simple TSO command via IKJEFTSR because my code is
>authorized I don't understand the idea behind it
>
>I would like to keep everything local to my TSO address space I am not
>trying to do anything kooky I have a recovery rt
On Fri, 27 Jun 2014 15:55:17 +, Rob Scott wrote:
>As far as NOWTPMSG, it might be useful to investigate if it is *supported* to
>change the UPT settings manually - see UPTWTP and >UPTNCOM in IKJUPT.
They are documented as being part of the programming interface, and setting
them directl
On Thu, 26 Jun 2014 16:17:56 -0700, Phil Smith wrote:
>Walt Farrell wrote:
>>(It is also not clear where you got the ACEE address from in the first place;
>>that is also important, and often done incorrectly in cross-memory code, and
>>it would be good to see that code.)
On Thu, 26 Jun 2014 08:53:35 -0700, Phil Smith wrote:
>* In the first module, soon after the PC:
> ESAR R1 Get secondary ASID
> STH R1,SRQESASN And remember that
> MVI SRQERSVA+8,X'37' Set a magic value
> STH R1,SRQERSVA+9 Remember the
On Wed, 25 Jun 2014 16:14:32 -0700, Phil Smith wrote:
>Walt Farrell wrote:
>>Generally DB2 will either have the client ACEE in its own address space, or
>>will have a valid cross-memory environment between itself and its client.
>>Whenever DB2 is calling RACF to perform
On Wed, 25 Jun 2014 15:59:11 +, Rob Scott wrote:
>> I'm fuzzy on this, but it seems like that *might* not be the case, since it
>> was DB2 that called
>
>You need to capture the cross-memory environment when you get called from DB2
>(you can extract the HASN, SASN and PASN from control regi
On Wed, 25 Jun 2014 15:52:35 +, Rob Scott wrote:
>Be careful to ensure that you always use correctly primed AR when accessing
>storage in either HOME or SECONDARY - it is *VERY* easy to overlook and end up
>with misleading address pointers or bad data.
>
>For example, you cannot use TCBSENV
On Tue, 24 Jun 2014 13:51:27 -0400, Micheal Butz
wrote:
>The first explanation fits my scenario
>My program is in the AUTHPGM section of IKJTSOxx
>
>the command profile nowtpmsg
>Is unauthorized command but so
>What does that mean because my
>Program is in the authcmd/PGM
>I cann't invoke a com
On Tue, 24 Jun 2014 11:28:26 +0530, Mainframe Mainframe
wrote:
>3) Do I have to make any changes in RACF to avoid these issues.
As another list member indicated, you should look up the ICH70007I message and
take the actions indicated in the book.
--
Walt
On Mon, 9 Jun 2014 05:43:29 -0400, MichealButz wrote:
>It still is referenced by common below is my PROG01 entry
>
> LPA ADD MODNAME(USERMOD) DSNAME(USER.TEST.LOAD) FIXED
So, did you add it via a SETPROG command or not?
--
Walt
-
On Fri, 30 May 2014 20:22:29 +, Staller, Allan
wrote:
>I believe ACF2 is started as a subsystem. I know RACF is. Look in
>SYS1.PARMLIB(IEFSSN**).
RACF -has- a subsystem, Allan, but it is not part of the basic security
processing (RACROUTE REQUEST=VERIFY, AUTH, DEFINE, etc.) done by RACF.
On Thu, 29 May 2014 22:25:51 -0400, Micheal Butz
wrote:
>I point to the name field I am going to try eploc and see what happens
You didn't answer my question.
>> Have you investigated the possibility that your DE information may be
>> incorrect? If so, what have you done to verify its validit
If I remember correctly, "Failed by MVS" should indicate that:
(a) you do not have the MVS.LIBRARY command protected by your security product,
because if it was protected and you had authority it would work, or if you did
not have authority it would say "Failed by Security Product" and there wou
On Thu, 29 May 2014 21:34:37 +0300, Binyamin Dissen
wrote:
>I would suggest changing the MNOTE as well.
Why? It seems correctly worded to me.
>:>>+ 12,SETFRR A CANNOT BE ISSUED IN AMODE 64 PRIOR TO Z/OS 1.8
>:>>OR IN AR ASC MODE. PLEASE CHANGE TO BE IN AMODE 31 OR PRIMARY
>:>>ASC MODE FOR
On Thu, 29 May 2014 10:15:37 -0400, Micheal Butz
wrote:
>It seems anytime I use the load using the directory entry format I get the
>CSV019I abend load ep= works fine
Have you investigated the possibility that your DE information may be
incorrect? If so, what have you done to verify its valid
On Mon, 12 May 2014 11:35:44 -0700, Ed Jaffe
wrote:
>On 5/12/2014 11:08 AM, Walt Farrell wrote:
>> With your SRL R1,5 you end up with multiplying the original doubleword
>> length by 8.
>
>I assumed that was the intent, based on the comment in the code about
>the
On Mon, 12 May 2014 09:51:55 -0400, MichealButz wrote:
> * LOAD PROGRAM
>
> *
>
> *
>
> LOAD EP=AAALLIX1
>
> SLL R1,8 Get rid of auth code
>
> SRL R1,5 Length is in double words
>
I can't comment on the ABEND you get, and t
On Wed, 30 Apr 2014 10:04:15 +0100, Jim McAlpine wrote:
>Has anyone come across any other Android TN3270 clients other than the one
>from Mocha.
Searching he Google Play store for tn3270 should find 3 more for you to
consider.
--
Walt
-
On Tue, 29 Apr 2014 15:13:49 +, Scott Ford wrote:
>Its surprising that IBM hasn't thought about using C in exits , like RACF or
>other components.
>
>Considering Linux has been writing their Kernel in it for a few years. Not
>bashing IBM, curious why they haven't embraced C in the >system
My concern is that even with beta testing you might not experience issues in
your test sites (especially with things that are RACF subsystem- and/or
RRRSF-related) but production will eventually find some problems.
Metal C can probably work, but I would be very concerned about other flavors of
Perhaps you specified the DE information incorrectly?
Walt
On Tue, 29 Apr 2014 07:28:30 -0400, Micheal Butz
wrote:
>Did a explicit load ep=
>
>And it didn't abend
>
>Sent from my iPhone
>
>> On Apr 28, 2014, at 6:36 PM, "Shmuel Metz (Seymour J.)"
>> wrote:
>>
>> In <13124718-8ee3-4c31-8fe
You say "several" exits, which has me a bit concerned, Scott. Which exits,
exactly?
IRREVX01 may well work work if coded in C, and even if coded LE-enabled. But
for many other RACF exits I would be very surprised if they would work in C,
unless it's Metal C. And for those other exits I would be
On Sat, 12 Apr 2014 09:13:17 -0700, Lizette Koehler
wrote:
>Does any of this apply?
>
>You can code a value like: PARM='SDB=x' on the EXEC statement. This value
>is effective only if the output block size is not supplied by any source.
Isn't the block size of the input data set one of the
On Thu, 10 Apr 2014 09:42:44 -0400, John Gilmore wrote:
>Is it the case, as now seems all but certain, that the CP check
>explains the different behavior in your production and non-production
>environments? And if so, how and why is this a new problem?
It's new to them because they just leap-f
As far as I know, gil, that's the way that FREEing a concatenation has always
worked. It truly frees the first one, but merely deconcatenates the others. So,
yes, I believe you'll need to remember them if you want to be able to truly
free them later.
--
Walt
On Mon, 31 Mar 2014 17:03:30 -0500
On Wed, 12 Mar 2014 10:18:04 -0700, Donald J. wrote:
> But I could
>not get HostIDMapping to work with FTP Server. You would think the RACF
>interface would be the same for all applications.
RACF provides many interfaces, and the application chooses which one to use.
Then the results may vary
On Wed, 12 Mar 2014 11:54:35 -0400, MichealButz
wrote:
>I am setting a breakpoint at offset +0 in my program and getting a S0C1 at
>location +E
>
>The following is my scenario
>
>TESTAUTH �ISP.SISPLPA(ISPF)� CP
>
>LOAD �MYLOAD.LIBRARY(MYMOD)�
>
>Q MYMO.MYMOD.+0
>
>AT +0
>
>GO � INTO ispf
>
>Th
On Tue, 11 Mar 2014 05:54:24 -0700, Donald J. wrote:
>I am currently using openssl to create certificates for use with CICS
>Web Services that work fine. I haven't read anywhere that
>CICS Web Services supports authentication using HostIDMapping. I
>associate the certificate with a userid usin
On Mon, 10 Mar 2014 19:34:19 +, Chase, John wrote:
>> -Original Message-
>> From: IBM Mainframe Discussion List On Behalf Of John Gilmore
>>
>> Every American who has been in the military has perforce mastered and used
>> the 24-hour clock. Adopt
>> it for your report, explaining
On Fri, 7 Mar 2014 17:56:05 -0600, Paul Gilmartin wrote:
>On Fri, 7 Mar 2014 22:41:44 +, Hansen, Dave L - Eagan, MN wrote:
>>
>>44 *-* /* "CALL *(ISRSUPC)" */
>>45 *-* "CALL *(ISRSUPC) 'FILECMP,DELTAL'"
>> >L> "CALL *(ISRSUPC) 'FILECMP,DELTAL'"
>>
>> I was told by IBM I do
On Wed, 5 Mar 2014 19:05:52 +0100, jan de decker wrote:
>Hi list,
>
>I am building a small web application that interfaces with RACF.
>
>On the client side I only have the IBM default supplied classes.
>
>I want validate as much as possible on the client before sending it to the
>server.
>
>For t
On Mon, 3 Mar 2014 18:14:00 -0600, Paul Gilmartin wrote:
>On Mon, 3 Mar 2014 19:05:29 -0500, Micheal Butz wrote:
>
>>Is your program in a APF authorized library link edit with AC=1
>>
>>You can also use the SPKA instruction if the The only thing you desire to do
>>is change the PSW storage key
>
On Mon, 17 Feb 2014 17:19:32 +0530, venkat kulkarni
wrote:
>Hello,
> Thanks for reply. But as per IBM link, it says it we have down
>level system well sharing RACF then older system will use BPX.DEFAULT.USER
>if, they are not supported by BPX.UNIQUE.USER.
That's undoubtedly true, but
On Mon, 17 Feb 2014 07:54:35 +0530, venkat kulkarni
wrote:
>Initially my RACF DB was at AIM stage 1 but as the steps to converting
>BPX.UNIQUE.USER, I converted AIM stage 1 to AIM stage 3.
>
>As I have mentioned earlier as well, that along with z/OS 2.1, we have down
>level system(z/OS 1.13) as
On Fri, 31 Jan 2014 15:09:02 +, Rob Scott wrote:
>The OP was discussing using TCBJLB as the input to a FIND macro.
>
>If TCBJLB contains an ISPF TASKLIB then a FIND for a module in a TSOLIB
>declared dataset will not succeed.
>
>
Correct. As I mentioned earlier the OP will have to account
On Wed, 29 Jan 2014 13:38:46 -0500, Micheal Butz
wrote:
>Once you enter ISPF, however it is still part of the search chain for MVS/CSV
>so I thought I could find
>Where the program was found.
>
>Joblib/steplib/TSOLIB or link list
That last list is a bit too simple.
If you're looking at a ta
On Sun, 26 Jan 2014 16:55:23 -0500, MichealButz
wrote:
>I believe I don't have the right TCB to access TSOLIB I need the TCB for
>IKJEFT01
TSOLIB would not affect the TCB for IKJEFT01; that's much too far up in the TCB
tree and would disrupt the TMP processing if its tasklib were change. You
What's in AA.NAME at the time of the FIND? You didn't show us that.
--
Walt
On Sun, 26 Jan 2014 15:58:10 -0500, MichealButz
wrote:
>First
>
>TSOLIB ACTIVATE DATASET('IBMUSER.TEST.LOAD')
> READY
>Then
>
>BROWSEIBMUSER.TEST.LOAD Browse
>substituted
> Command
On Sun, 26 Jan 2014 10:32:55 -0500, MichealButz
wrote:
>I have tried a whole slew of macros with DCB specified by TCBJLB and none
>give a clean return code from OPEN, CLOSE FIND,BLDL
It's somewhat odd to think it might work for OPEN, Micheal, as that DCB is
already OPEN. And if it were to work
On Wed, 15 Jan 2014 14:46:27 -0500, Micheal Butz
wrote:
>Ill rephrase after run PSATOLD is equal to the TCB that was displayed
>By listtcb
That depends on who's looking at it, and when, Micheal. PSATOLD is always equal
to the address of the active TCB.
So, if you have the address of one of y
On Thu, 9 Jan 2014 11:34:13 -0600, Paul Gilmartin wrote:
>On Wed, 8 Jan 2014 23:01:56 -0800, Henry Willard wrote:
>>
>>I believe init (pid 1) becomes the parent. ...
>>
>I stand corrected, according to experiment with all of OS X, Linux,
>Solaris, and z/OS.
>
>But still, it could provide a mod
On Wed, 8 Jan 2014 11:45:58 -0500, MichealButz
wrote:
>I am getting the following return code when try to add CSVLLIX1 with the
>moaddr parameter of CSVDYNEX
>
>The AMODE of the program is correct = 31 As The high order bit of the
>address is one
>
>With the dsname parameter I get a RC of 0
On Sun, 5 Jan 2014 22:01:40 -0800, Ed Jaffe wrote:
>On 1/5/2014 6:39 PM, Paul Gilmartin wrote:
>> *And* I believe SDSF stays in its split. *And* I believe it allows
>> SWAP to another split. But that's not fair; SDSF is somehow
>> ISPF-savvy, not just a plain ol' TSO fullscreen application. SDSF
Why are you undefining and defining the exit point, Michael? You don't own it,
and should not be messing around with its definition.
Adding an exit module to the existing exit point is appropriate and expected,
of course.
But CSV is the component that owns the exit point, and CSV would be the
On Mon, 30 Dec 2013 17:15:23 -0500, Micheal Butz
wrote:
>I have been chaining the CDE entries looking for the executing program of the
>job step.
As Ed indicated, RBCDE from the oldest PRB in the jobstep TCB would be the CDE
you want, but I'm a bit puzzled why your subject line is asking abou
301 - 400 of 482 matches
Mail list logo