Re: TCPIP Device/Link to Interface question???
We have a static VIPA first with the same IP as the old HOME IP. Then the rest of the interfaces: OSA, Hipersockets, VIPA's DVIPA's . Comment out the HOME statement. Make sure your start statements are correct. The OBEY file the whole updated profile. Marshall Stone Mainframe Engineer, Technical Services -Original Message- From: IBM Mainframe Discussion List On Behalf Of Shaffer, Terri Sent: Wednesday, July 26, 2023 12:02 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: TCPIP Device/Link to Interface question??? Hi, Was wondering if someone could answer a question? I am converting my DEVICE/LINK statements to INTERFACE in my TCPIP configuration on my test lpar. I recycled my TCPIP and everything works, except I tripped an error on my HOME statement, because I think it uses LINK name, not Interface name? My PRIMARYINTERFACE is my primary INTERFACE statement , again everything seems to work. However, when I did a hometest, it looked okay with my primary IPADDR first, then Secondary and then loopback address which it should be. But to stop the error from my HOME link name from occurring, I commented my HOME statement out. That fixed my error message, but now LOOPBACK is first, then Primary IPADDRESS and then Secondary. So my question is do I need the HOME STATEMENT, or what replaces it, if anything when using INTERFACE statement? And/or how do I get the PRIMARY IPADDRESS first again? Ms Terri E Shaffer Senior Systems Engineer, z/OS Support: ACIWorldwide - Telecommuter H(412-766-2697) C(412-519-2592) terri.shaf...@aciworldwide.com [https://go.aciworldwide.com/rs/030-ROK-804/images/aci-footer.jpg] <http://www.aciworldwide.com> This email message and any attachments may contain confidential, proprietary or non-public information. The information is intended solely for the designated recipient(s). If an addressing or transmission error has misdirected this email, please notify the sender immediately and destroy this email. Any review, dissemination, use or reliance upon this information by unintended recipients is prohibited. Any opinions expressed in this email are those of the author personally. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Curved Flat Screen
I use this Samsung model and it works well. SAMSUNG UJ59 Series 32-Inch 4K UHD (3840x2160) Computer Monitor, HDMI Marshall Stone Mainframe Engineer, Technical Services Mobile: 859-494-8651 www.edgesolutionsandconsulting.com -Original Message- From: IBM Mainframe Discussion List On Behalf Of Steve Beaver Sent: Tuesday, July 25, 2023 1:49 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Curved Flat Screen https://www.amazon.com/gp/product/B0BCXJ7XXM?tag=rtings-mn-r-amazon-20=UT F8=1 I have found this Alienware but its asking questions I don't know how to answer Steve -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: [EXTERNAL] list of APPLIDs
Browse the VTAM USS Table source if you can locate it MS -Original Message- From: IBM Mainframe Discussion List On Behalf Of R.S. Sent: Monday, December 21, 2020 10:14 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: [EXTERNAL] list of APPLIDs How to get list of available APPLIDs? I mean LOGON APPLID=applidname -- Radoslaw Skorupka Lodz, Poland == Jeśli nie jesteś adresatem tej wiadomości: - powiadom nas o tym w mailu zwrotnym (dziękujemy!), - usuń trwale tę wiadomość (i wszystkie kopie, które wydrukowałeś lub zapisałeś na dysku). Wiadomość ta może zawierać chronione prawem informacje, które może wykorzystać tylko adresat.Przypominamy, że każdy, kto rozpowszechnia (kopiuje, rozprowadza) tę wiadomość lub podejmuje podobne działania, narusza prawo i może podlegać karze. mBank S.A. z siedzibą w Warszawie, ul. Prosta 18, 00-850 Warszawa,www.mBank.pl, e-mail: kont...@mbank.pl. Sąd Rejonowy dla m. st. Warszawy XII Wydział Gospodarczy Krajowego Rejestru Sądowego, KRS 025237, NIP: 526-021-50-88. Kapitał zakładowy (opłacony w całości) według stanu na 01.01.2020 r. wynosi 169.401.468 złotych. If you are not the addressee of this message: - let us know by replying to this e-mail (thank you!), - delete this message permanently (including all the copies which you have printed out or saved). This message may contain legally protected information, which may be used exclusively by the addressee.Please be reminded that anyone who disseminates (copies, distributes) this message or takes any similar action, violates the law and may be penalised. mBank S.A. with its registered office in Warsaw, ul. Prosta 18, 00-850 Warszawa,www.mBank.pl, e-mail: kont...@mbank.pl. District Court for the Capital City of Warsaw, 12th Commercial Division of the National Court Register, KRS 025237, NIP: 526-021-50-88. Fully paid-up share capital amounting to PLN 169.401.468 as at 1 January 2020. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: [EXTERNAL] Re: gskkyman & public key
Sorry FTPS - x.509 certs need to be exchanged and loaded onto the RACF keyring specified in the TLS rule in PAGENT and if you have client auth enabled the cert will need to be on the client PC/Device also -Original Message- From: IBM Mainframe Discussion List On Behalf Of Marshall Stone Sent: Thursday, November 5, 2020 9:16 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: [EXTERNAL] Re: gskkyman & public key Public keys need to be exchanged between partners - client stores it usually in a file called /etc/ssh/known_hosts - server stores public key in /u/userid/.ssh/authorized_keys MS -Original Message- From: IBM Mainframe Discussion List On Behalf Of Skippy the Ancient Sent: Thursday, November 5, 2020 9:02 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: [EXTERNAL] Re: gskkyman & public key I am asking in regards to FTPS. I know gskkyman can create/import/export certs. The cert consists of a public and private key. I'm asking because it's my understanding that the public key should be loaded up and installed on a client computer. Is that correct? When looking at a directory full of certs, how can I find the public one? Or how do I create it? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: [EXTERNAL] Re: gskkyman & public key
Public keys need to be exchanged between partners - client stores it usually in a file called /etc/ssh/known_hosts - server stores public key in /u/userid/.ssh/authorized_keys MS -Original Message- From: IBM Mainframe Discussion List On Behalf Of Skippy the Ancient Sent: Thursday, November 5, 2020 9:02 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: [EXTERNAL] Re: gskkyman & public key I am asking in regards to FTPS. I know gskkyman can create/import/export certs. The cert consists of a public and private key. I'm asking because it's my understanding that the public key should be loaded up and installed on a client computer. Is that correct? When looking at a directory full of certs, how can I find the public one? Or how do I create it? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: [EXTERNAL] z/OS 2.4 and FTP server with FTP ATTLS verifying client certificates
Reply with your PAGENT rules for FTPS - you need a client and a server rule -Original Message- From: IBM Mainframe Discussion List On Behalf Of PINION, RICHARD W. Sent: Wednesday, October 28, 2020 10:43 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: [EXTERNAL] z/OS 2.4 and FTP server with FTP ATTLS verifing client certificates I've been working with z/OS 2.4's FTP server using AT-TLS with certificates for the last few days. PAGENT is setup, and it seems to be functioning correctly. I've finally gotten to the point of the client sending in a certificate and logging on without having to specify a password, which is what I wanted. I'm using Core FTP LE as my ftp client. I'm almost through the door, so to speak, but when I get to the point of getting a directory listing on Core FTP, on the z/OS side I get this error. protDataConnAttls: ioctl() failed on SIOCTTLSCTL - EDC8148I Protocol error. (errno2=0x77B70291) At this point the TLS negotiation fails, and the data connection is closed. Below the EDC8148I message text are my FTP Server options. One more piece of information, z/OS 2.4 is running under VM. Looking up EDC8184I, EDC8148I Protocol error. Explanation A protocol error occurred. This error is device-specific, but is usually not caused by a hardware failure. System action The request fails. The application continues to run. Programmer response Proceed with cleanup of the application resources, and then close the socket. When the socket has been freed, the application may begin the process again. My z/OS FTP server options are, TLSMECHANISM ATTLS EXTENSIONSAUTH_TLS ; Enable TLS authentication ; Default is disabled. SECURE_FTPALLOWED ; Authentication indicator ; ALLOWED(D) ; REQUIRED SECURE_LOGIN VERIFY_USER ; Authorization level indicator ; for TLS ; NO_CLIENT_AUTH (D) ; REQUIRED ; VERIFY_USER SECURE_PASSWORD OPTIONAL ; REQUIRED (D) - User must enter password ; OPTIONAL - User does not have to ; enter a password ; This setting has meaning only ; for TLS when implementing client ; certificate authentication SECURE_CTRLCONN PRIVATE ; Minimum level of security for ; the control connection ; CLEAR (D) ; SAFE ; PRIVATE SECURE_DATACONN PRIVATE ; Minimum level of security for ; the data connection ; NEVER ; CLEAR (D) ; SAFE ; PRIVATE SECURE_PBSZ 16384 ; Kerberos maximum size of the ; encoded data blocks ; Default value is 16384 ; Valid range is 512 through 32768 SECURE_SESSION_REUSE REQUIRED ; Specify whether session reuse is ; required when SSL/TLS is being ; used to protect the connections ; ALLOWED(D) password ; OPTIONAL - User does not have to ; enter a password ; This setting has meaning only ; for TLS when implementing client ; certificate authentication CIPHERSUITE SSL_NULL_MD5 ; 01 CIPHERSUITE SSL_NULL_SHA ; 02 CIPHERSUITE SSL_RC4_MD5_EX; 03 CIPHERSUITE SSL_RC4_MD5 ; 04 CIPHERSUITE SSL_RC4_SHA ; 05 CIPHERSUITE SSL_RC2_MD5_EX; 06 CIPHERSUITE SSL_DES_SHA ; 09 CIPHERSUITE SSL_3DES_SHA ; 0A CIPHERSUITE SSL_AES_128_SHA ; 2F CIPHERSUITE SSL_AES_256_SHA ; 35 KEYRING /usr/local/certificates/BCI.kdb ; Name of the keyring for TLS ; It can be the name of an HFS x ; file (name starts with /) or ; a resource name in the security ; product (e.g., RACF) TLSTIMEOUT100 ; Maximum time limit between full
Re: [EXTERNAL] IBM splitting into two companies
Anyone remember Advantis... the 'network people' @ IBM GTS were spun off to create that debacle Marshall Stone Sirius Corp - Mainframe Sr. Engineer Office: 984.202.7078 Mobile: 859.494.8651 -Original Message- From: IBM Mainframe Discussion List On Behalf Of Dave Jousma Sent: Thursday, October 8, 2020 11:44 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: [EXTERNAL] IBM splitting into two companies Anyone know any more about this? https://www.reuters.com/article/us-ibm-divestiture/ibm-to-break-up-109-year-old-company-to-focus-on-cloud-growth-idUSKBN26T1TZ https://www.prnewswire.com/news-releases/ibm-to-accelerate-hybrid-cloud-growth-strategy-and-execute-spin-off-of-market-leading-managed-infrastructure-services-unit-301148458.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: [EXTERNAL] Re: AT-TLS ? Very Basic Questions
Anything SFTP on Open/SSH will never use AT-TLS FTPS - Is IBM's FTP program not using PORT 21 and running in secured mode, setup to force authentication and use AT/TLS for encryption MS -Original Message- From: IBM Mainframe Discussion List On Behalf Of Tom Brennan Sent: Tuesday, June 30, 2020 1:19 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: [EXTERNAL] Re: AT-TLS ? Very Basic Questions Do you know if either of those require AT-TLS? When I installed and configured SSHD last (a couple of years ago) it did its own encryption. I never worked with anything called FTPS. On 6/30/2020 10:12 AM, Marshall Stone wrote: > There are 2 types of FTP in use today on most mainframes. > > SFTP - which uses Open/SSH (SSHAGNT as client and SSHD as a server) > and the encryption/authentication is generally provided by the use of > RSA/DSA public/private key pairs. The public keys are exchanged and > stored in known_hosts files (if acting as client) or authorized_keys > file (if acting as server) - Uses Server PORT 22 and ephemeral ports > > FTPS - completely different mechanism the AT/TLS functions are > provided by ICSF and policy agent (PAGENT) - You must configure an > FTPS TLS rule to allow the connection and the partner side also will > require a similar rule. The encryption/authentication come from the > PAGENT rule and the use of x.509 certificates. These are exchanged > between partners and loaded onto the RACF keyring. The PAGNET rule > points back to the keyring. - Uses Server PORT 990 by an old implicit > default most sites use a different port and connect clients with > ephemeral port ranges. FTPS handles MVS datasets better if possible > use FTPS for MF to MF and use SFTP for MF to Other > platforms(MS,UNIX,etc) > > MS > > -Original Message- > From: IBM Mainframe Discussion List On > Behalf Of Tom Brennan > Sent: Tuesday, June 30, 2020 12:58 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: [EXTERNAL] Re: AT-TLS ? Very Basic Questions > > I've tried to skim some of the AT-TLS doc, and even attended an IBM webinar > last week, but I'm still missing what I imagine are important background > points. Maybe someone here can explain things, but don't worry too much > about it. > > Client and server programs like SSH/SSHD call programs such as OpenSSL > to handle the encryption handshake and processing. So when you set > those up, there is no AT-TLS needed for encryption. Same with the > TN3270 server and client, as long as you set that up with keys and parameters > on the host side, and settings on the client side. > > I'm thinking because of the name "Application Transparent" that AT-TLS was > made for programs that DON'T have their own logic to call OpenSSL (or > whatever) to do their own encryption. Let's use clear-text FTP as an > example. So somehow, AT-TLS hooks into the processing and provides an > encrypted "tunnel", kind of like VPN does, but only for that one application. > Does that sound correct? > > If so, then the encryption is "transparent" to the FTP server code and FTP > does not need to be changed, which I think is the whole idea here. > Yet we now have an encrypted session. Does that sound correct? > > Then if so, what happens on the FTP client side? I certainly can't use the > Windows FTP command, for example, because it's not setup for any kind of > encryption. That's kind of my big question here. > > On 6/30/2020 1:44 AM, Lionel B Dyck wrote: >> Sweet - thank you >> >> >> Lionel B. Dyck < >> Website: https://www.lbdsoftware.com >> >> "Worry more about your character than your reputation. Character is >> what you are, reputation merely what others think you are." - John >> Wooden >> >> -Original Message- >> From: IBM Mainframe Discussion List On >> Behalf Of kekronbekron >> Sent: Tuesday, June 30, 2020 2:34 AM >> To: IBM-MAIN@LISTSERV.UA.EDU >> Subject: Re: AT-TLS ? >> >> Hi LBD!, >> >> Check these out- >> >> >> http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5416 >> http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5415 >> http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5414 >> >> - KB >> >> ‐‐‐ Original Message ‐‐‐ >> On Monday, June 29, 2020 3:56 AM, Lionel B Dyck wrote: >> >>> Anyone have any pointers for configuring AT-TLS on z/OS? >>> >>> Lionel B. Dyck < >>> Website: https://www.lbdsoftware.com https://www.lbdsoftware.com >>> >>> "Worry more about your chara
Re: [EXTERNAL] Re: AT-TLS ? Very Basic Questions
There are 2 types of FTP in use today on most mainframes. SFTP - which uses Open/SSH (SSHAGNT as client and SSHD as a server) and the encryption/authentication is generally provided by the use of RSA/DSA public/private key pairs. The public keys are exchanged and stored in known_hosts files (if acting as client) or authorized_keys file (if acting as server) - Uses Server PORT 22 and ephemeral ports FTPS - completely different mechanism the AT/TLS functions are provided by ICSF and policy agent (PAGENT) - You must configure an FTPS TLS rule to allow the connection and the partner side also will require a similar rule. The encryption/authentication come from the PAGENT rule and the use of x.509 certificates. These are exchanged between partners and loaded onto the RACF keyring. The PAGNET rule points back to the keyring. - Uses Server PORT 990 by an old implicit default most sites use a different port and connect clients with ephemeral port ranges. FTPS handles MVS datasets better if possible use FTPS for MF to MF and use SFTP for MF to Other platforms(MS,UNIX,etc) MS -Original Message- From: IBM Mainframe Discussion List On Behalf Of Tom Brennan Sent: Tuesday, June 30, 2020 12:58 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: [EXTERNAL] Re: AT-TLS ? Very Basic Questions I've tried to skim some of the AT-TLS doc, and even attended an IBM webinar last week, but I'm still missing what I imagine are important background points. Maybe someone here can explain things, but don't worry too much about it. Client and server programs like SSH/SSHD call programs such as OpenSSL to handle the encryption handshake and processing. So when you set those up, there is no AT-TLS needed for encryption. Same with the TN3270 server and client, as long as you set that up with keys and parameters on the host side, and settings on the client side. I'm thinking because of the name "Application Transparent" that AT-TLS was made for programs that DON'T have their own logic to call OpenSSL (or whatever) to do their own encryption. Let's use clear-text FTP as an example. So somehow, AT-TLS hooks into the processing and provides an encrypted "tunnel", kind of like VPN does, but only for that one application. Does that sound correct? If so, then the encryption is "transparent" to the FTP server code and FTP does not need to be changed, which I think is the whole idea here. Yet we now have an encrypted session. Does that sound correct? Then if so, what happens on the FTP client side? I certainly can't use the Windows FTP command, for example, because it's not setup for any kind of encryption. That's kind of my big question here. On 6/30/2020 1:44 AM, Lionel B Dyck wrote: > Sweet - thank you > > > Lionel B. Dyck < > Website: https://www.lbdsoftware.com > > "Worry more about your character than your reputation. Character is > what you are, reputation merely what others think you are." - John > Wooden > > -Original Message- > From: IBM Mainframe Discussion List On > Behalf Of kekronbekron > Sent: Tuesday, June 30, 2020 2:34 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: AT-TLS ? > > Hi LBD!, > > Check these out- > > > http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5416 > http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5415 > http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5414 > > - KB > > ‐‐‐ Original Message ‐‐‐ > On Monday, June 29, 2020 3:56 AM, Lionel B Dyck wrote: > >> Anyone have any pointers for configuring AT-TLS on z/OS? >> >> Lionel B. Dyck < >> Website: https://www.lbdsoftware.com https://www.lbdsoftware.com >> >> "Worry more about your character than your reputation. Character is >> what you are, reputation merely what others think you are." - John >> Wooden >> >> >> - >> - >> - >> - >> - >> >> For IBM-MAIN subscribe / signoff / archive access instructions, send >> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and
Re: [EXTERNAL] CL/SuperSession 2.1
A couple times now, IBM offers a migration service with a PSR type person and some REXX code that migrates the user DB and other files to CL/SS but it isn’t cheap- Screen scrapers apps like from CICS have to be tested thoroughly and the screen images exactly duplicated. -Original Message- From: IBM Mainframe Discussion List On Behalf Of Steve Beaver Sent: Friday, February 28, 2020 1:35 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: [EXTERNAL] CL/Supersesson 2.1 Has anyone moved from NVAS to CL/Supersession 2.1? Any big gottcha's I need to look for? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: [E!] Re: Automatic Alias Creation
At the previous shop they used sailpoint to replace most of the RACF team... just sayin MS -Original Message- From: IBM Mainframe Discussion List On Behalf Of John P. Baker Sent: Wednesday, May 22, 2019 2:07 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: [E!] Re: Automatic Alias Creation CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Sasan, SailPoint IIQ can be customized to issue the IDCAMS DEFINE ALIAS and the IDCAMS DELETE ALIAS commands. The "CTSx" STCs will need to have the requisite "READ" access to resource ID "STGADMIN.IGG.DEFDEL.UALIAS" in resource class ID "FACILITY". John P. Baker -Original Message- From: IBM Mainframe Discussion List On Behalf Of Sasan Mirkhani Sent: Wednesday, May 22, 2019 2:03 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: [E!] Re: Automatic Alias Creation That's actually what we've been doing for a long time. Our Sec admins use ISPF interface to make all RACF/TSO definitions. We will soon be using a new product to provision RACF IDs called Sailpoint IIQ. IIQ uses LDAP Server to provision RACF IDs and that will most likely be done by Helpdesk or other users who have little knowledge of RACF and TSO. We have to figure out a way to automate the ALIAS creation process when a RACF ID with TSO segment is defined but I'm not sure how we can do that yet. -Original Message- From: IBM Mainframe Discussion List On Behalf Of Carmen Vitullo Sent: May-22-19 1:56 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: [E!] Re: Automatic Alias Creation who is responsible for setting up the ID's? most places I've been its the security team that creates the ID' provides the access to resources and creates the alias's, that can be, and have been streamlined in a lot of places I worked, the SECADMIN's only need to run a REXX or CLIST, provide the ID to get started and that script creates all the required security, and creates the ALIAS for the ID Carmen Vitullo - Original Message - From: "Sasan Mirkhani" To: IBM-MAIN@LISTSERV.UA.EDU Sent: Wednesday, May 22, 2019 12:41:13 PM Subject: Automatic Alias Creation Hi list, We're currently provisioning RACF IDs using the Tivoli Directory Server (LDAP SDBM backend). For IDs that are defined with TSO segment we need to figure out a way to automatically create an ALIAS. What would be the best way to go about this? I've thought about doing it in our LOGON PROC, however that would require users to have UPDATE access to the master catalog which we would like to avoid. How else can we go about this? Thanks -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: LU2 type sample logmode
SNADYNA comes to mind it might have been a custom LOGMODE MS -Original Message- From: IBM Mainframe Discussion List On Behalf Of Seymour J Metz Sent: Monday, April 22, 2019 11:31 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: LU2 type sample logmode Wouldn't it be better to use a logmode that permits a negotiated BIND? -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 From: IBM Mainframe Discussion List on behalf of Joe Monk Sent: Sunday, April 21, 2019 4:32 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: LU2 type sample logmode https://secure-web.cisco.com/1pNNReLUL6TEcTNN0QHFj4wEtQ426-QYfh2pRfmtkbgNPfz0lLtYveRIl4dhKPh2Hfab0VLwJKpS5yP-FtoHMZD-CU3cxpeW2avh2o8vmkobbB_d61aGT89_pAZXOWt8m747LqJWGdJEUftn2mpZSuhy-PkI7rS6LIMCRAgIDGgY6ypVHp8zpH-uWP_j__2u11VteiSimn0kq1jkm4CqIxkmdFTbNGEtC4Uihr8_lMvXHMlxIfgXpRQTI2vDhSc08DRe43SBQ_6gOp9Gw4x657xJWkSyQUZv5IISR0QI_Rl3TAjq9AjtPnUCTfXtrxzE-_5N1YcuvUUltUz8XtAHtEC_5R_imBdjp09iUl0yVNxkyaQjTOBa1gC-0upRORpklUgXBbOF14EkaUoWvi8USpH6Q-tTsNRZClNJ8oJOC7oiQQWXc3Gv2aUjO-JrGk8dE/https%3A%2F%2Fwww.ibm.com%2Fsupport%2Fknowledgecenter%2Fen%2FSSLTBW_2.3.0%2Fcom.ibm.zos.v2r3.istrdr0%2Fdeflogt.htm#deflogt Usually D4A32782 or SNX32702 is pretty good... Joe On Sun, Apr 21, 2019 at 1:46 AM Jake Anderson wrote: > Hi > > Are there a IBM supplied LU2 type logmode for tso logon ? > > I am looking for a sample definition to build a TSO LU2 type definition. > > Any pointers are much appreciated > > Jake > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: CSSMTP
That’s interesting - The TCPIP.SEZALOAD on these z/OS V2.3 systems do not have MVPMAIN load module anymore. Could someone have copied it? MS -Original Message- From: IBM Mainframe Discussion List On Behalf Of Carmen Vitullo Sent: Wednesday, April 17, 2019 10:34 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: CSSMTP what program is not found? looks like out network guy has an SMTP address space started using MVPMAIN, I see this program still in my 2.3 TCPIP.SEZATCP loadlib is there another program in the call charin that is no longer there? also from the migration Guide Share presentation I have sez. z/OS V2.3 is the last release to include the Simple Mail Transport Protocol Network Job Entry (SMTPD NJE) Mail Gateway and Sendmail mail transports. If you use the SMTPD NJE Gateway to send mail, use the existing CSSMTP SMTP NJE Mail Gateway instead. IBM had announced plans to provide a replacement program for the Sendmail client that would not require programming changes. Those plans have changed, and IBM plans to provide a compatible subset of functions for Sendmail in the replacement program and to announce those functions in the future. Programming changes or alternative solutions to currently provided Sendmail functions might be required. No replacement function is planned in z/OS Communications Server to support using SMTPD or Sendmail as a (SMTP) server for receiving mail for delivery to local TSO/E or z/OS UNIX System Services user mailboxes, or for forwarding mail to other destinations. - confused 0 Carmen Vitullo - Original Message - From: "Marshall Stone" To: IBM-MAIN@LISTSERV.UA.EDU Sent: Wednesday, April 17, 2019 9:12:54 AM Subject: Re: CSSMTP Also you are going from basically a POP mail server with full functions to a spool offload program that just forwards files to your corporate mail server. In V2.3 and above the mail program is no longer found, but we did cheat and copy the module from V2.2 and it worked in the lab under V2.3. MS -Original Message- From: IBM Mainframe Discussion List On Behalf Of Wawiorko, Mike : Infrastructure Services Sent: Wednesday, April 17, 2019 10:05 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: CSSMTP The biggest problem with migrating to CSSMTP would be not doing it. If you try to stick with SMTP, when you upgrade z/OS you'd have nothing as SMTP would stop working. Mike Wawiorko _ This message is for information purposes only, it is not a recommendation, advice, offer or solicitation to buy or sell a product or service nor an official confirmation of any transaction. It is directed at persons who are professionals and is not intended for retail customer use. Intended for recipient only. This message is subject to the terms at: www.barclays.com/emaildisclaimer. For important disclosures, please see: www.barclays.com/salesandtradingdisclaimer regarding market commentary from Barclays Sales and/or Trading, who are active market participants; and in respect of Barclays Research, including disclosures relating to specific issuers, please see http://publicresearch.barclays.com. __ If you are incorporated or operating in Australia, please see https://www.home.barclays/disclosures/importantapacdisclosures.html for important disclosure. __ __ How we use personal information see our privacy notice https://www.investmentbank.barclays.com/disclosures/personalinformationuse.html _ Barclays offers wealth and investment management products and services to its clients through Barclays Bank PLC. This email may relate to or be sent from other members of the Barclays Group. The availability of products and services may be limited by the applicable laws and regulations in certain jurisdictions. The Barclays Group does not normally accept or offer business instructions via internet email. Any action that you might take upon this message might be at your own risk. This email and any a
Re: CSSMTP
Also you are going from basically a POP mail server with full functions to a spool offload program that just forwards files to your corporate mail server. In V2.3 and above the mail program is no longer found, but we did cheat and copy the module from V2.2 and it worked in the lab under V2.3. MS -Original Message- From: IBM Mainframe Discussion List On Behalf Of Wawiorko, Mike : Infrastructure Services Sent: Wednesday, April 17, 2019 10:05 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: CSSMTP The biggest problem with migrating to CSSMTP would be not doing it. If you try to stick with SMTP, when you upgrade z/OS you'd have nothing as SMTP would stop working. Mike Wawiorko _ This message is for information purposes only, it is not a recommendation, advice, offer or solicitation to buy or sell a product or service nor an official confirmation of any transaction. It is directed at persons who are professionals and is not intended for retail customer use. Intended for recipient only. This message is subject to the terms at: www.barclays.com/emaildisclaimer. For important disclosures, please see: www.barclays.com/salesandtradingdisclaimer regarding market commentary from Barclays Sales and/or Trading, who are active market participants; and in respect of Barclays Research, including disclosures relating to specific issuers, please see http://publicresearch.barclays.com. __ If you are incorporated or operating in Australia, please see https://www.home.barclays/disclosures/importantapacdisclosures.html for important disclosure. __ __ How we use personal information see our privacy notice https://www.investmentbank.barclays.com/disclosures/personalinformationuse.html _ Barclays offers wealth and investment management products and services to its clients through Barclays Bank PLC. This email may relate to or be sent from other members of the Barclays Group. The availability of products and services may be limited by the applicable laws and regulations in certain jurisdictions. The Barclays Group does not normally accept or offer business instructions via internet email. Any action that you might take upon this message might be at your own risk. This email and any attachments are confidential and intended solely for the addressee and may also be privileged or exempt from disclosure under applicable law. If you are not the addressee, or have received this email in error, please notify the sender immediately, delete it from your system and do not copy, disclose or otherwise act upon any part of this email or its attachments. Internet communications are not guaranteed to be secure or without viruses. The Barclays Group does not accept responsibility for any loss arising from unauthorised access to, or interference with, any Internet communications by any third party, or from the transmission of any viruses. Replies to this email may be monitored by the Barclays Group for operational or business reasons. Any opinion or other information in this email or its attachments that does not relate to the business of the Barclays Group is personal to the sender and is not given or endorsed by the Barclays Group. Barclays Bank PLC. Registered in England and Wales (registered no. 1026167). Registered Office: 1 Churchill Place, London, E14 5HP, United Kingdom. Barclays Bank PLC is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority ( Financial Services Register No. 122702). __ If you are incorporated or operating in Australia, please see https://www.home.barclays/disclosures/important-apac-disclosures.html for important disclosure.
Re: z?OSMF
I use configuration assistant very often to maintain Policy Agent configs (IPSec TLSv12, IDS, etc) Regards, Marshall Stone -Original Message- From: IBM Mainframe Discussion List On Behalf Of Steve Beaver Sent: Tuesday, April 16, 2019 3:37 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: z?OSMF z/OSMF to say it mildly is a lot to configure. Is anyone getting any use of z/OSMF other than a lot of work TIA Steve -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN