Re: [EXTERNAL] list of APPLIDs

2020-12-21 Thread Marshall Stone
Browse the VTAM USS Table source if you can locate it

MS

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of R.S.
Sent: Monday, December 21, 2020 10:14 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: [EXTERNAL] list of APPLIDs

How to get list of available APPLIDs?
I mean
LOGON APPLID=applidname

--
Radoslaw Skorupka
Lodz, Poland





==

Jeśli nie jesteś adresatem tej wiadomości:

- powiadom nas o tym w mailu zwrotnym (dziękujemy!),
- usuń trwale tę wiadomość (i wszystkie kopie, które wydrukowałeś lub zapisałeś 
na dysku).
Wiadomość ta może zawierać chronione prawem informacje, które może wykorzystać 
tylko adresat.Przypominamy, że każdy, kto rozpowszechnia (kopiuje, rozprowadza) 
tę wiadomość lub podejmuje podobne działania, narusza prawo i może podlegać 
karze.

mBank S.A. z siedzibą w Warszawie, ul. Prosta 18, 00-850 Warszawa,www.mBank.pl, 
e-mail: kont...@mbank.pl. Sąd Rejonowy dla m. st. Warszawy XII Wydział 
Gospodarczy Krajowego Rejestru Sądowego, KRS 025237, NIP: 526-021-50-88. 
Kapitał zakładowy (opłacony w całości) według stanu na 01.01.2020 r. wynosi 
169.401.468 złotych.

If you are not the addressee of this message:

- let us know by replying to this e-mail (thank you!),
- delete this message permanently (including all the copies which you have 
printed out or saved).
This message may contain legally protected information, which may be used 
exclusively by the addressee.Please be reminded that anyone who disseminates 
(copies, distributes) this message or takes any similar action, violates the 
law and may be penalised.

mBank S.A. with its registered office in Warsaw, ul. Prosta 18, 00-850 
Warszawa,www.mBank.pl, e-mail: kont...@mbank.pl. District Court for the Capital 
City of Warsaw, 12th Commercial Division of the National Court Register, KRS 
025237, NIP: 526-021-50-88. Fully paid-up share capital amounting to PLN 
169.401.468 as at 1 January 2020.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

This message (including any attachments) is intended only for the use of the 
individual or entity to which it is addressed and may contain information that 
is non-public, proprietary, privileged, confidential, and exempt from 
disclosure under applicable law or may constitute as attorney work product. If 
you are not the intended recipient, you are hereby notified that any use, 
dissemination, distribution, or copying of this communication is strictly 
prohibited. If you have received this communication in error, notify us 
immediately by telephone and (i) destroy this message if a facsimile or (ii) 
delete this message immediately if this is an electronic communication. Thank 
you.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: [EXTERNAL] Re: gskkyman & public key

2020-11-05 Thread Marshall Stone
Sorry FTPS - x.509 certs need to be exchanged and loaded onto the RACF keyring 
specified in the TLS rule in PAGENT and if you have client auth enabled the 
cert will need to be on the client PC/Device also

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Marshall Stone
Sent: Thursday, November 5, 2020 9:16 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: [EXTERNAL] Re: gskkyman & public key

Public keys need to be exchanged between partners - client stores it usually in 
a file called /etc/ssh/known_hosts - server stores public key in 
/u/userid/.ssh/authorized_keys

MS
-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Skippy the Ancient
Sent: Thursday, November 5, 2020 9:02 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: [EXTERNAL] Re: gskkyman & public key

I am asking in regards to FTPS.
I know gskkyman can create/import/export certs. The cert consists of a public 
and private key.
I'm asking because it's my understanding that the public key should be loaded 
up and installed on a client computer.  Is that correct?

When looking at a directory full of certs, how can I find the public one?  Or 
how do I create it?

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

This message (including any attachments) is intended only for the use of the 
individual or entity to which it is addressed and may contain information that 
is non-public, proprietary, privileged, confidential, and exempt from 
disclosure under applicable law or may constitute as attorney work product. If 
you are not the intended recipient, you are hereby notified that any use, 
dissemination, distribution, or copying of this communication is strictly 
prohibited. If you have received this communication in error, notify us 
immediately by telephone and (i) destroy this message if a facsimile or (ii) 
delete this message immediately if this is an electronic communication. Thank 
you.

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: [EXTERNAL] Re: gskkyman & public key

2020-11-05 Thread Marshall Stone
Public keys need to be exchanged between partners - client stores it usually in 
a file called /etc/ssh/known_hosts - server stores public key in 
/u/userid/.ssh/authorized_keys

MS
-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Skippy the Ancient
Sent: Thursday, November 5, 2020 9:02 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: [EXTERNAL] Re: gskkyman & public key

I am asking in regards to FTPS.
I know gskkyman can create/import/export certs. The cert consists of a public 
and private key.
I'm asking because it's my understanding that the public key should be loaded 
up and installed on a client computer.  Is that correct?

When looking at a directory full of certs, how can I find the public one?  Or 
how do I create it?

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

This message (including any attachments) is intended only for the use of the 
individual or entity to which it is addressed and may contain information that 
is non-public, proprietary, privileged, confidential, and exempt from 
disclosure under applicable law or may constitute as attorney work product. If 
you are not the intended recipient, you are hereby notified that any use, 
dissemination, distribution, or copying of this communication is strictly 
prohibited. If you have received this communication in error, notify us 
immediately by telephone and (i) destroy this message if a facsimile or (ii) 
delete this message immediately if this is an electronic communication. Thank 
you.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: [EXTERNAL] z/OS 2.4 and FTP server with FTP ATTLS verifying client certificates

2020-10-28 Thread Marshall Stone
Reply with your PAGENT rules for FTPS - you need a client and a server rule

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
PINION, RICHARD W.
Sent: Wednesday, October 28, 2020 10:43 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: [EXTERNAL] z/OS 2.4 and FTP server with FTP ATTLS verifing client 
certificates

I've been working with z/OS 2.4's FTP server using AT-TLS with certificates for 
the last few days.  PAGENT is setup, and it seems to be functioning correctly.  
I've finally gotten to the point of the client sending in a certificate and 
logging on without having to specify a password, which is what I wanted.
I'm using Core FTP LE as my ftp client.

I'm almost through the door, so to speak, but when I get to the point of 
getting a directory listing on Core FTP, on the z/OS side I get this error.

protDataConnAttls: ioctl() failed on SIOCTTLSCTL - EDC8148I Protocol error. 
(errno2=0x77B70291)

At this point the TLS negotiation fails, and the data connection is closed.  
Below the EDC8148I message text are my FTP Server options.  One more piece of 
information, z/OS 2.4 is running under VM.

Looking up EDC8184I,

EDC8148I   Protocol error.
Explanation

A protocol error occurred. This error is device-specific, but is usually not 
caused by a hardware failure.

System action

The request fails. The application continues to run.

Programmer response

Proceed with cleanup of the application resources, and then close the socket. 
When the socket has been freed, the application may begin the process again.


My z/OS FTP server options are,

TLSMECHANISM  ATTLS

EXTENSIONSAUTH_TLS  ; Enable TLS authentication
; Default is disabled.

SECURE_FTPALLOWED   ; Authentication indicator
; ALLOWED(D)
; REQUIRED

SECURE_LOGIN  VERIFY_USER   ; Authorization level indicator
; for TLS
; NO_CLIENT_AUTH (D)
; REQUIRED
; VERIFY_USER

SECURE_PASSWORD   OPTIONAL  ; REQUIRED (D) - User must enter
  password
; OPTIONAL - User does not have to
; enter a password
; This setting has meaning only
; for TLS when implementing client
; certificate authentication
SECURE_CTRLCONN   PRIVATE   ; Minimum level of security for
; the control connection
; CLEAR  (D)
; SAFE
; PRIVATE

SECURE_DATACONN   PRIVATE   ; Minimum level of security for
; the data connection
; NEVER
; CLEAR  (D)
; SAFE
; PRIVATE

SECURE_PBSZ   16384 ; Kerberos maximum size of the
; encoded data blocks
; Default value is 16384
; Valid range is 512 through 32768

SECURE_SESSION_REUSE  REQUIRED  ; Specify whether session reuse is
; required when SSL/TLS is being
; used to protect the connections
; ALLOWED(D)
  password
; OPTIONAL - User does not have to
; enter a password
; This setting has meaning only
; for TLS when implementing client
; certificate authentication
 CIPHERSUITE   SSL_NULL_MD5  ; 01
 CIPHERSUITE   SSL_NULL_SHA  ; 02
 CIPHERSUITE   SSL_RC4_MD5_EX; 03
 CIPHERSUITE   SSL_RC4_MD5   ; 04
 CIPHERSUITE   SSL_RC4_SHA   ; 05
 CIPHERSUITE   SSL_RC2_MD5_EX; 06
 CIPHERSUITE   SSL_DES_SHA   ; 09
 CIPHERSUITE   SSL_3DES_SHA  ; 0A
 CIPHERSUITE   SSL_AES_128_SHA   ; 2F
 CIPHERSUITE   SSL_AES_256_SHA   ; 35

KEYRING /usr/local/certificates/BCI.kdb ; Name of the keyring for TLS
; It can be the name of an HFS x
; file (name starts with /) or
; a resource name in the security
; product (e.g., RACF)
TLSTIMEOUT100   ; Maximum time limit between full
   

Re: [EXTERNAL] IBM splitting into two companies

2020-10-08 Thread Marshall Stone
Anyone remember Advantis... the 'network people' @ IBM GTS were spun off to 
create that debacle

Marshall Stone
Sirius Corp - Mainframe Sr. Engineer
Office: 984.202.7078
Mobile: 859.494.8651

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Dave Jousma
Sent: Thursday, October 8, 2020 11:44 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: [EXTERNAL] IBM splitting into two companies

Anyone know any more about this?

https://www.reuters.com/article/us-ibm-divestiture/ibm-to-break-up-109-year-old-company-to-focus-on-cloud-growth-idUSKBN26T1TZ

https://www.prnewswire.com/news-releases/ibm-to-accelerate-hybrid-cloud-growth-strategy-and-execute-spin-off-of-market-leading-managed-infrastructure-services-unit-301148458.html

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

This message (including any attachments) is intended only for the use of the 
individual or entity to which it is addressed and may contain information that 
is non-public, proprietary, privileged, confidential, and exempt from 
disclosure under applicable law or may constitute as attorney work product. If 
you are not the intended recipient, you are hereby notified that any use, 
dissemination, distribution, or copying of this communication is strictly 
prohibited. If you have received this communication in error, notify us 
immediately by telephone and (i) destroy this message if a facsimile or (ii) 
delete this message immediately if this is an electronic communication. Thank 
you.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: [EXTERNAL] Re: AT-TLS ? Very Basic Questions

2020-06-30 Thread Marshall Stone
Anything SFTP on Open/SSH will never use AT-TLS

FTPS - Is IBM's FTP program not using PORT 21 and running in secured mode, 
setup to force authentication and use AT/TLS for encryption

MS
-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of Tom 
Brennan
Sent: Tuesday, June 30, 2020 1:19 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: [EXTERNAL] Re: AT-TLS ? Very Basic Questions

Do you know if either of those require AT-TLS?  When I installed and configured 
SSHD last (a couple of years ago) it did its own encryption. 
I never worked with anything called FTPS.

On 6/30/2020 10:12 AM, Marshall Stone wrote:
> There are 2 types of FTP in use today on most mainframes.
> 
> SFTP  - which uses Open/SSH (SSHAGNT as client and SSHD as a server) 
> and the encryption/authentication is generally provided by the use of 
> RSA/DSA public/private key pairs. The public keys are exchanged and 
> stored in known_hosts files (if acting as client) or authorized_keys 
> file (if acting as server) - Uses Server PORT 22 and ephemeral ports
> 
> FTPS - completely different mechanism the AT/TLS functions are 
> provided by ICSF and policy agent (PAGENT) - You must configure an 
> FTPS TLS rule to allow the connection and the partner side also will 
> require a similar rule. The encryption/authentication come from the 
> PAGENT rule and the use of x.509 certificates.  These are exchanged 
> between partners and loaded onto the RACF keyring. The PAGNET rule 
> points back to the keyring. - Uses Server PORT 990 by an old implicit 
> default most sites use a different port and connect clients with 
> ephemeral port ranges. FTPS handles MVS datasets better if possible 
> use FTPS for MF to MF and use SFTP for MF to Other 
> platforms(MS,UNIX,etc)
> 
> MS
> 
> -Original Message-
> From: IBM Mainframe Discussion List  On 
> Behalf Of Tom Brennan
> Sent: Tuesday, June 30, 2020 12:58 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: [EXTERNAL] Re: AT-TLS ? Very Basic Questions
> 
> I've tried to skim some of the AT-TLS doc, and even attended an IBM webinar 
> last week, but I'm still missing what I imagine are important background 
> points.  Maybe someone here can explain things, but don't worry too much 
> about it.
> 
> Client and server programs like SSH/SSHD call programs such as OpenSSL 
> to handle the encryption handshake and processing.  So when you set 
> those up, there is no AT-TLS needed for encryption.  Same with the
> TN3270 server and client, as long as you set that up with keys and parameters 
> on the host side, and settings on the client side.
> 
> I'm thinking because of the name "Application Transparent" that AT-TLS was 
> made for programs that DON'T have their own logic to call OpenSSL (or 
> whatever) to do their own encryption.  Let's use clear-text FTP as an 
> example.  So somehow, AT-TLS hooks into the processing and provides an 
> encrypted "tunnel", kind of like VPN does, but only for that one application. 
>  Does that sound correct?
> 
> If so, then the encryption is "transparent" to the FTP server code and FTP 
> does not need to be changed, which I think is the whole idea here.
> Yet we now have an encrypted session.  Does that sound correct?
> 
> Then if so, what happens on the FTP client side?  I certainly can't use the 
> Windows FTP command, for example, because it's not setup for any kind of 
> encryption.  That's kind of my big question here.
> 
> On 6/30/2020 1:44 AM, Lionel B Dyck wrote:
>> Sweet - thank you
>>
>>
>> Lionel B. Dyck <
>> Website: https://www.lbdsoftware.com
>>
>> "Worry more about your character than your reputation.  Character is 
>> what you are, reputation merely what others think you are." - John 
>> Wooden
>>
>> -Original Message-
>> From: IBM Mainframe Discussion List  On 
>> Behalf Of kekronbekron
>> Sent: Tuesday, June 30, 2020 2:34 AM
>> To: IBM-MAIN@LISTSERV.UA.EDU
>> Subject: Re: AT-TLS ?
>>
>> Hi LBD!,
>>
>> Check these out-
>>
>>
>> http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5416
>> http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5415
>> http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5414
>>
>> - KB
>>
>> ‐‐‐ Original Message ‐‐‐
>> On Monday, June 29, 2020 3:56 AM, Lionel B Dyck  wrote:
>>
>>> Anyone have any pointers for configuring AT-TLS on z/OS?
>>>
>>> Lionel B. Dyck <
>>> Website: https://www.lbdsoftware.com https://www.lbdsoftware.com
>>>
>>> "Worry more about your chara

Re: [EXTERNAL] Re: AT-TLS ? Very Basic Questions

2020-06-30 Thread Marshall Stone
There are 2 types of FTP in use today on most mainframes.

SFTP  - which uses Open/SSH (SSHAGNT as client and SSHD as a server) and the 
encryption/authentication is generally provided by the use of RSA/DSA 
public/private key pairs. The public keys are exchanged and stored in 
known_hosts files (if acting as client) or authorized_keys file (if acting as 
server) - Uses Server PORT 22 and ephemeral ports

FTPS - completely different mechanism the AT/TLS functions are provided by ICSF 
and policy agent (PAGENT) - You must configure an FTPS TLS rule to allow the 
connection and the partner side also will require a similar rule. The 
encryption/authentication come from the PAGENT rule and the use of x.509 
certificates.  These are exchanged between partners and loaded onto the RACF 
keyring. The PAGNET rule points back to the keyring. - Uses Server PORT 990 by 
an old implicit default most sites use a different port and connect clients 
with ephemeral port ranges. FTPS handles MVS datasets better if possible use 
FTPS for MF to MF and use SFTP for MF to Other platforms(MS,UNIX,etc)

MS

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of Tom 
Brennan
Sent: Tuesday, June 30, 2020 12:58 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: [EXTERNAL] Re: AT-TLS ? Very Basic Questions

I've tried to skim some of the AT-TLS doc, and even attended an IBM webinar 
last week, but I'm still missing what I imagine are important background 
points.  Maybe someone here can explain things, but don't worry too much about 
it.

Client and server programs like SSH/SSHD call programs such as OpenSSL to 
handle the encryption handshake and processing.  So when you set those up, 
there is no AT-TLS needed for encryption.  Same with the
TN3270 server and client, as long as you set that up with keys and parameters 
on the host side, and settings on the client side.

I'm thinking because of the name "Application Transparent" that AT-TLS was made 
for programs that DON'T have their own logic to call OpenSSL (or whatever) to 
do their own encryption.  Let's use clear-text FTP as an example.  So somehow, 
AT-TLS hooks into the processing and provides an encrypted "tunnel", kind of 
like VPN does, but only for that one application.  Does that sound correct?

If so, then the encryption is "transparent" to the FTP server code and FTP does 
not need to be changed, which I think is the whole idea here.
Yet we now have an encrypted session.  Does that sound correct?

Then if so, what happens on the FTP client side?  I certainly can't use the 
Windows FTP command, for example, because it's not setup for any kind of 
encryption.  That's kind of my big question here.

On 6/30/2020 1:44 AM, Lionel B Dyck wrote:
> Sweet - thank you
>
>
> Lionel B. Dyck <
> Website: https://www.lbdsoftware.com
>
> "Worry more about your character than your reputation.  Character is
> what you are, reputation merely what others think you are." - John
> Wooden
>
> -Original Message-
> From: IBM Mainframe Discussion List  On
> Behalf Of kekronbekron
> Sent: Tuesday, June 30, 2020 2:34 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: AT-TLS ?
>
> Hi LBD!,
>
> Check these out-
>
>
> http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5416
> http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5415
> http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5414
>
> - KB
>
> ‐‐‐ Original Message ‐‐‐
> On Monday, June 29, 2020 3:56 AM, Lionel B Dyck  wrote:
>
>> Anyone have any pointers for configuring AT-TLS on z/OS?
>>
>> Lionel B. Dyck <
>> Website: https://www.lbdsoftware.com https://www.lbdsoftware.com
>>
>> "Worry more about your character than your reputation. Character is
>> what you are, reputation merely what others think you are." - John
>> Wooden
>>
>>
>> -
>> -
>> -
>> -
>> -
>>
>> For IBM-MAIN subscribe / signoff / archive access instructions, send
>> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions, send
> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions, send
> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
>

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

This message (including any attachments) is intended only for the use of the 
individual or entity to which it is addressed and may contain information that 
is non-public, proprietary, privileged, confidential, and 

Re: [EXTERNAL] CL/SuperSession 2.1

2020-03-02 Thread Marshall Stone
A couple times now, IBM offers a migration service with a PSR type person and 
some REXX code that migrates the user DB and other files to CL/SS but it isn’t 
cheap- Screen scrapers apps like from CICS have to be tested thoroughly and the 
screen images exactly duplicated.

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Steve Beaver
Sent: Friday, February 28, 2020 1:35 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: [EXTERNAL] CL/Supersesson 2.1

Has anyone moved from NVAS to CL/Supersession 2.1?

Any big gottcha's I need to look for?

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

This message (including any attachments) is intended only for the use of the 
individual or entity to which it is addressed and may contain information that 
is non-public, proprietary, privileged, confidential, and exempt from 
disclosure under applicable law or may constitute as attorney work product. If 
you are not the intended recipient, you are hereby notified that any use, 
dissemination, distribution, or copying of this communication is strictly 
prohibited. If you have received this communication in error, notify us 
immediately by telephone and (i) destroy this message if a facsimile or (ii) 
delete this message immediately if this is an electronic communication. Thank 
you.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: [E!] Re: Automatic Alias Creation

2019-05-22 Thread Marshall Stone
At the previous shop they used sailpoint to replace most of the RACF team... 
just sayin

MS
-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
John P. Baker
Sent: Wednesday, May 22, 2019 2:07 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: [E!] Re: Automatic Alias Creation

CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you recognize the sender and know the content 
is safe.



Sasan,

SailPoint IIQ can be customized to issue the IDCAMS DEFINE ALIAS and the IDCAMS 
DELETE ALIAS commands.

The "CTSx" STCs will need to have the requisite "READ" access to resource 
ID "STGADMIN.IGG.DEFDEL.UALIAS" in resource class ID "FACILITY".

John P. Baker

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Sasan Mirkhani
Sent: Wednesday, May 22, 2019 2:03 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: [E!] Re: Automatic Alias Creation

That's actually what we've been doing for a long time. Our Sec admins use ISPF 
interface to make all RACF/TSO definitions. We will soon be using a new product 
to provision RACF IDs called Sailpoint IIQ. IIQ uses LDAP Server to provision 
RACF IDs and that will most likely be done by Helpdesk or other users who have 
little knowledge of RACF and TSO.

We have to figure out a way to automate the ALIAS creation process when a RACF 
ID with TSO segment is defined but I'm not sure how we can do that yet.

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Carmen Vitullo
Sent: May-22-19 1:56 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: [E!] Re: Automatic Alias Creation

who is responsible for setting up the ID's?
most places I've been its the security team that creates the ID' provides the 
access to resources and creates the alias's, that can be, and have been 
streamlined in a lot of places I worked, the SECADMIN's only need to run a REXX 
or CLIST, provide the ID to get started and that script creates all the 
required security, and creates the ALIAS for the ID



Carmen Vitullo

- Original Message -

From: "Sasan Mirkhani" 
To: IBM-MAIN@LISTSERV.UA.EDU
Sent: Wednesday, May 22, 2019 12:41:13 PM
Subject: Automatic Alias Creation

Hi list,

We're currently provisioning RACF IDs using the Tivoli Directory Server (LDAP 
SDBM backend). For IDs that are defined with TSO segment we need to figure out 
a way to automatically create an ALIAS. What would be the best way to go about 
this? I've thought about doing it in our LOGON PROC, however that would require 
users to have UPDATE access to the master catalog which we would like to avoid. 
How else can we go about this?

Thanks

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN
This message (including any attachments) is intended only for the use of the 
individual or entity to which it is addressed and may contain information that 
is non-public, proprietary, privileged, confidential, and exempt from 
disclosure under applicable law or may constitute as attorney work product. If 
you are not the intended recipient, you are hereby notified that any use, 
dissemination, distribution, or copying of this communication is strictly 
prohibited. If you have received this communication in error, notify us 
immediately by telephone and (i) destroy this message if a facsimile or (ii) 
delete this message immediately if this is an electronic communication. Thank 
you.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: LU2 type sample logmode

2019-04-22 Thread Marshall Stone
SNADYNA comes to mind it might have been a custom LOGMODE

MS

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Seymour J Metz
Sent: Monday, April 22, 2019 11:31 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: LU2 type sample logmode

Wouldn't it be better to use a logmode that permits a negotiated BIND?


--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3


From: IBM Mainframe Discussion List  on behalf of Joe 
Monk 
Sent: Sunday, April 21, 2019 4:32 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: LU2 type sample logmode

https://secure-web.cisco.com/1pNNReLUL6TEcTNN0QHFj4wEtQ426-QYfh2pRfmtkbgNPfz0lLtYveRIl4dhKPh2Hfab0VLwJKpS5yP-FtoHMZD-CU3cxpeW2avh2o8vmkobbB_d61aGT89_pAZXOWt8m747LqJWGdJEUftn2mpZSuhy-PkI7rS6LIMCRAgIDGgY6ypVHp8zpH-uWP_j__2u11VteiSimn0kq1jkm4CqIxkmdFTbNGEtC4Uihr8_lMvXHMlxIfgXpRQTI2vDhSc08DRe43SBQ_6gOp9Gw4x657xJWkSyQUZv5IISR0QI_Rl3TAjq9AjtPnUCTfXtrxzE-_5N1YcuvUUltUz8XtAHtEC_5R_imBdjp09iUl0yVNxkyaQjTOBa1gC-0upRORpklUgXBbOF14EkaUoWvi8USpH6Q-tTsNRZClNJ8oJOC7oiQQWXc3Gv2aUjO-JrGk8dE/https%3A%2F%2Fwww.ibm.com%2Fsupport%2Fknowledgecenter%2Fen%2FSSLTBW_2.3.0%2Fcom.ibm.zos.v2r3.istrdr0%2Fdeflogt.htm#deflogt

Usually D4A32782 or SNX32702 is pretty good...

Joe

On Sun, Apr 21, 2019 at 1:46 AM Jake Anderson 
wrote:

> Hi
>
> Are there a IBM supplied LU2 type logmode for tso logon ?
>
> I am looking for a sample definition to build a TSO LU2 type definition.
>
> Any pointers are much appreciated
>
> Jake
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions, send
> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN
This message (including any attachments) is intended only for the use of the 
individual or entity to which it is addressed and may contain information that 
is non-public, proprietary, privileged, confidential, and exempt from 
disclosure under applicable law or may constitute as attorney work product. If 
you are not the intended recipient, you are hereby notified that any use, 
dissemination, distribution, or copying of this communication is strictly 
prohibited. If you have received this communication in error, notify us 
immediately by telephone and (i) destroy this message if a facsimile or (ii) 
delete this message immediately if this is an electronic communication. Thank 
you.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: CSSMTP

2019-04-17 Thread Marshall Stone
That’s interesting - The TCPIP.SEZALOAD on these z/OS V2.3 systems do not have 
MVPMAIN load module anymore. Could someone have copied it?

MS
-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Carmen Vitullo
Sent: Wednesday, April 17, 2019 10:34 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: CSSMTP

what program is not found? 
looks like out network guy has an SMTP address space started using MVPMAIN, I 
see this program still in my 2.3 TCPIP.SEZATCP loadlib is there another program 
in the call charin that is no longer there? 
also from the migration Guide Share presentation I have sez. 


z/OS V2.3 is the last release to include the Simple Mail Transport Protocol 
Network Job Entry (SMTPD NJE) Mail Gateway and Sendmail mail transports. If you 
use the SMTPD NJE Gateway to send mail, use the existing CSSMTP SMTP NJE Mail 
Gateway instead. IBM had announced plans to provide a replacement program for 
the Sendmail client that would not require programming changes. Those plans 
have changed, and IBM plans to provide a compatible subset of functions for 
Sendmail in the replacement program and to announce those functions in the 
future. Programming changes or alternative solutions to currently provided 
Sendmail functions might be required. No replacement function is planned in 
z/OS Communications Server to support using SMTPD or Sendmail as a (SMTP) 
server for receiving mail for delivery to local TSO/E or z/OS UNIX System 
Services user mailboxes, or for forwarding mail to other destinations. 


- confused 0 



Carmen Vitullo 

- Original Message -

From: "Marshall Stone"  
To: IBM-MAIN@LISTSERV.UA.EDU 
Sent: Wednesday, April 17, 2019 9:12:54 AM 
Subject: Re: CSSMTP 

Also you are going from basically a POP mail server with full functions to a 
spool offload program that just forwards files to your corporate mail server. 
In V2.3 and above the mail program is no longer found, but we did cheat and 
copy the module from V2.2 and it worked in the lab under V2.3. 

MS 
-Original Message- 
From: IBM Mainframe Discussion List  On Behalf Of 
Wawiorko, Mike : Infrastructure Services 
Sent: Wednesday, April 17, 2019 10:05 AM 
To: IBM-MAIN@LISTSERV.UA.EDU 
Subject: Re: CSSMTP 

The biggest problem with migrating to CSSMTP would be not doing it. 

If you try to stick with SMTP, when you upgrade z/OS you'd have nothing as SMTP 
would stop working. 

Mike Wawiorko 
_
 

This message is for information purposes only, it is not a recommendation, 
advice, offer or solicitation to buy or sell a product or service nor an 
official confirmation of any transaction. It is directed at persons who are 
professionals and is not intended for retail customer use. Intended for 
recipient only. This message is subject to the terms at: 
www.barclays.com/emaildisclaimer. 

For important disclosures, please see: 
www.barclays.com/salesandtradingdisclaimer regarding market commentary from 
Barclays Sales and/or Trading, who are active market participants; and in 
respect of Barclays Research, including disclosures relating to specific 
issuers, please see http://publicresearch.barclays.com. 

__
 
If you are incorporated or operating in Australia, please see 
https://www.home.barclays/disclosures/importantapacdisclosures.html for 
important disclosure. 
__
 
__
 
How we use personal information see our privacy notice 
https://www.investmentbank.barclays.com/disclosures/personalinformationuse.html 
_
 

 
Barclays offers wealth and investment management products and services to its 
clients through Barclays Bank PLC. This email may relate to or be sent from 
other members of the Barclays Group. 
The availability of products and services may be limited by the applicable laws 
and regulations in certain jurisdictions. 
The Barclays Group does not normally accept or offer business instructions via 
internet email. Any action that you might take upon this message might be at 
your own risk. 
This email and any a

Re: CSSMTP

2019-04-17 Thread Marshall Stone
Also you are going from basically a POP mail server with full functions to a 
spool offload program that just forwards files to your corporate mail server.  
In V2.3 and above the mail program is no longer found, but we did cheat and 
copy the module from V2.2 and it worked in the lab under V2.3.

MS
-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Wawiorko, Mike : Infrastructure Services
Sent: Wednesday, April 17, 2019 10:05 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: CSSMTP

The biggest problem with migrating to CSSMTP would be not doing it.

If you try to stick with SMTP, when you upgrade z/OS you'd have nothing as SMTP 
would stop working.

Mike Wawiorko
_

This message is for information purposes only, it is not a recommendation, 
advice, offer or solicitation to buy or sell a product or service nor an 
official confirmation of any transaction. It is directed at persons who are 
professionals and is not intended for retail customer use. Intended for 
recipient only. This message is subject to the terms at: 
www.barclays.com/emaildisclaimer.

For important disclosures, please see: 
www.barclays.com/salesandtradingdisclaimer regarding market commentary from 
Barclays Sales and/or Trading, who are active market participants; and in 
respect of Barclays Research, including disclosures relating to specific 
issuers, please see http://publicresearch.barclays.com.

__
If you are incorporated or operating in Australia, please see 
https://www.home.barclays/disclosures/importantapacdisclosures.html for 
important disclosure.
__
__
How we use personal information  see our privacy notice 
https://www.investmentbank.barclays.com/disclosures/personalinformationuse.html
_


Barclays offers wealth and investment management products and services to its 
clients through Barclays Bank PLC. This email may relate to or be sent from 
other members of the Barclays Group.
The availability of products and services may be limited by the applicable laws 
and regulations in certain jurisdictions.
The Barclays Group does not normally accept or offer business instructions via 
internet email. Any action that you might take upon this message might be at 
your own risk.
This email and any attachments are confidential and intended solely for the 
addressee and may also be privileged or exempt from disclosure under applicable 
law. If you are not the addressee, or have received this email in error, please 
notify the sender immediately, delete it from your system and do not copy, 
disclose or otherwise act upon any part of this email or its attachments.
Internet communications are not guaranteed to be secure or without viruses. The 
Barclays Group does not accept responsibility for any loss arising from 
unauthorised access to, or interference with, any Internet communications by 
any third party, or from the transmission of any viruses. Replies to this email 
may be monitored by the Barclays Group for operational or business reasons.
Any opinion or other information in this email or its attachments that does not 
relate to the business of the Barclays Group is personal to the sender and is 
not given or endorsed by the Barclays Group.
Barclays Bank PLC. Registered in England and Wales (registered no. 1026167).
Registered Office: 1 Churchill Place, London, E14 5HP, United Kingdom.
Barclays Bank PLC is authorised by the Prudential Regulation Authority and 
regulated by the Financial Conduct Authority and the Prudential Regulation 
Authority ( Financial Services Register No. 122702).
__
If you are incorporated or operating in Australia, please see 
https://www.home.barclays/disclosures/important-apac-disclosures.html for 
important disclosure.

Re: z?OSMF

2019-04-16 Thread Marshall Stone
I use configuration assistant very often to maintain Policy Agent configs 
(IPSec TLSv12, IDS, etc)

Regards,
Marshall Stone
-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Steve Beaver
Sent: Tuesday, April 16, 2019 3:37 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: z?OSMF

z/OSMF to say it mildly is a lot to configure.



Is anyone getting any use of z/OSMF other than a lot of work



TIA


Steve




--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN
This message (including any attachments) is intended only for the use of the 
individual or entity to which it is addressed and may contain information that 
is non-public, proprietary, privileged, confidential, and exempt from 
disclosure under applicable law or may constitute as attorney work product. If 
you are not the intended recipient, you are hereby notified that any use, 
dissemination, distribution, or copying of this communication is strictly 
prohibited. If you have received this communication in error, notify us 
immediately by telephone and (i) destroy this message if a facsimile or (ii) 
delete this message immediately if this is an electronic communication. Thank 
you.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN