Re: TMSINIT
Thanks everyone for all the help.

On 5/13/20, 12:19 AM, "IBM Mainframe Discussion List on behalf of Russell Witt" wrote:

>Not exactly. The SECWTO does control if the WTOR asking for the userid and
>password of the user running TMSINIT as a started task is issued or not.
>However, you can change the option at any time. The "trick" is that if you
>change the option; it does not take effect until AFTER you have successfully
>executed TMSINIT to reset the option. So, you cannot just change the option
>and then run TMSINIT without the WTOR being issued. It will be the next time
>after before it takes effect.
>
>Now, one simple method for bypassing the WTOR is to not run TMSINIT as a
>started task. If it is run as a batch job (or even from TSO if you allocate
>the necessary files) you will not be prompted for the userid/password of the
>user running TMSINIT. And it is NOT the user-id of TMSINIT itself; it is
>simply the user-id of the person that entered the "S TMSINIT" operator
>command. In other words, WHO is running TMSINIT as a started task.
>If the SECWTO option is set to NO, we won't ask and will simply allow anyone
>to run TMSINIT at any time (not exactly a secure way of running, but that is
>an option).
>
>Russell Witt
>CA 1 Architect
>Broadcom
>
>-Original Message-
>From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
>Behalf Of Nai, Dean
>Sent: Tuesday, May 12, 2020 1:25 PM
>To: IBM-MAIN@LISTSERV.UA.EDU
>Subject: Re: TMSINIT
>
>If I remember correctly if SECWTO is set to yes at IPL then it remembers it
>until the next IPL and if you change it to no it won't work until the next
>IPL.
>
>Thanks:)
>
>____
>From: IBM Mainframe Discussion List on behalf of
>Carmen Vitullo
>Sent: Tuesday, May 12, 2020 1:39 PM
>To: IBM-MAIN@LISTSERV.UA.EDU
>Subject: Re: TMSINIT
>
>IIRC it's the password used when you installed CA-1, one of the usermods,
>some sites use the default.
>it should be in a usermod or sampjcl member
>
>Carmen Vitullo
>
>- Original Message -
>
>From: "Dean Nai"
>To: IBM-MAIN@LISTSERV.UA.EDU
>Sent: Tuesday, May 12, 2020 12:30:23 PM
>Subject: TMSINIT
>
>I know this isn't a Z question but people on here have knowledge about most
>things.
>
>I'm trying to run a CA-1 TMSINIT outside of an IPL and I'm getting this
>message. Nobody here knows what to reply. Any thoughts.
>
>IEFTMS32 - ENTER USERID AUTHORIZED TO RUN TMSINIT

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: TMSINIT
Not exactly. The SECWTO does control if the WTOR asking for the userid and password of the user running TMSINIT as a started task is issued or not. However, you can change the option at any time. The "trick" is that if you change the option; it does not take effect until AFTER you have successfully executed TMSINIT to reset the option. So, you cannot just change the option and then run TMSINIT without the WTOR being issued. It will be the next time after before it takes effect.

Now, one simple method for bypassing the WTOR is to not run TMSINIT as a started task. If it is run as a batch job (or even from TSO if you allocate the necessary files) you will not be prompted for the userid/password of the user running TMSINIT. And it is NOT the user-id of TMSINIT itself; it is simply the user-id of the person that entered the "S TMSINIT" operator command. In other words, WHO is running TMSINIT as a started task.

If the SECWTO option is set to NO, we won't ask and will simply allow anyone to run TMSINIT at any time (not exactly a secure way of running, but that is an option).

Russell Witt
CA 1 Architect
Broadcom

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Nai, Dean
Sent: Tuesday, May 12, 2020 1:25 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: TMSINIT

If I remember correctly if SECWTO is set to yes at IPL then it remembers it until the next IPL and if you change it to no it won't work until the next IPL.

Thanks:)

From: IBM Mainframe Discussion List on behalf of Carmen Vitullo
Sent: Tuesday, May 12, 2020 1:39 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: TMSINIT

IIRC it's the password used when you installed CA-1, one of the usermods, some sites use the default.
it should be in a usermod or sampjcl member

Carmen Vitullo

- Original Message -
From: "Dean Nai"
To: IBM-MAIN@LISTSERV.UA.EDU
Sent: Tuesday, May 12, 2020 12:30:23 PM
Subject: TMSINIT

I know this isn't a Z question but people on here have knowledge about most things.

I'm trying to run a CA-1 TMSINIT outside of an IPL and I'm getting this message. Nobody here knows what to reply. Any thoughts.

IEFTMS32 - ENTER USERID AUTHORIZED TO RUN TMSINIT
Re: TMSINIT
As has been pointed out, the message is produced when SECWTO is set to YES.

-Original Message-
From: IBM Mainframe Discussion List On Behalf Of Nai, Dean
Sent: Tuesday, May 12, 2020 10:30 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: TMSINIT

I know this isn't a Z question but people on here have knowledge about most things.

I'm trying to run a CA-1 TMSINIT outside of an IPL and I'm getting this message. Nobody here knows what to reply. Any thoughts.

IEFTMS32 - ENTER USERID AUTHORIZED TO RUN TMSINIT
Re: TMSINIT
If I remember correctly if SECWTO is set to yes at IPL then it remembers it until the next IPL and if you change it to no it won't work until the next IPL.

Thanks:)

From: IBM Mainframe Discussion List on behalf of Carmen Vitullo
Sent: Tuesday, May 12, 2020 1:39 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: TMSINIT

IIRC it's the password used when you installed CA-1, one of the usermods, some sites use the default.
it should be in a usermod or sampjcl member

Carmen Vitullo

- Original Message -
From: "Dean Nai"
To: IBM-MAIN@LISTSERV.UA.EDU
Sent: Tuesday, May 12, 2020 12:30:23 PM
Subject: TMSINIT

I know this isn't a Z question but people on here have knowledge about most things.

I'm trying to run a CA-1 TMSINIT outside of an IPL and I'm getting this message. Nobody here knows what to reply. Any thoughts.

IEFTMS32 - ENTER USERID AUTHORIZED TO RUN TMSINIT
Re: TMSINIT
We reply the TSO USERID of the Operator that started TMSINIT. It will then ask them to enter their password.

You can set the SECWTO option in the TMOOPTxx member of CTAPOPTN to NO if you do not want to validate that the operator executing TMSINIT as a started task has the correct level of authority.

On Wed, 13 May 2020 at 01:30, Nai, Dean wrote:

> I know this isn't a Z question but people on here have knowledge about
> most things.
>
> I'm trying to run a CA-1 TMSINIT outside of an IPL and I'm getting this
> message. Nobody here knows what to reply. Any thoughts.
>
> IEFTMS32 - ENTER USERID AUTHORIZED TO RUN TMSINIT
Re: TMSINIT
If you are a high enough version of CA1, there's now a TMSSEC00 member that describes your CA IDs and what level of authority they have. You might want to check it.

And there is another entry TMSOPT00 which contains your Master CA1 Password.

Ask your security team if they changed anything.

There are some good write ups in the CA 1 Manuals

Lizette

-Original Message-
From: IBM Mainframe Discussion List On Behalf Of Nai, Dean
Sent: Tuesday, May 12, 2020 10:30 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: TMSINIT

I know this isn't a Z question but people on here have knowledge about most things.

I'm trying to run a CA-1 TMSINIT outside of an IPL and I'm getting this message. Nobody here knows what to reply. Any thoughts.

IEFTMS32 - ENTER USERID AUTHORIZED TO RUN TMSINIT
Re: TMSINIT
IIRC it's the password used when you installed CA-1, one of the usermods, some sites use the default.
it should be in a usermod or sampjcl member

Carmen Vitullo

- Original Message -
From: "Dean Nai"
To: IBM-MAIN@LISTSERV.UA.EDU
Sent: Tuesday, May 12, 2020 12:30:23 PM
Subject: TMSINIT

I know this isn't a Z question but people on here have knowledge about most things.

I'm trying to run a CA-1 TMSINIT outside of an IPL and I'm getting this message. Nobody here knows what to reply. Any thoughts.

IEFTMS32 - ENTER USERID AUTHORIZED TO RUN TMSINIT