IBM GC28-1920-01 manual Seelogical, Seemultisystem

Page 92

is the local LU, and the LU through which communication is received is the partner LU.P

local

node .

The

RRSF

 

node

from

whose

point

 

 

partner logical

unit

(partner

LU)

 

.

Partner

LUs

are

 

 

 

 

 

 

 

of

view

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

defined

 

to

the

you

 

are

talking. For

 

example,

 

if

MVSA

and

MVSB

LUs

 

defined to remote systems; LUs

 

 

 

 

 

are

 

 

 

are

local

 

LUs. It

is

 

a

matter

of

a

poi

two

 

RRSF

nodes

that

 

are

 

logically

connected,

MVS

system

 

 

 

 

 

 

from

 

 

 

the

point

 

of

 

view

of

 

the

remote system,

 

MVSA's

point

of

view

MVSA

is

the

local

node,

 

view. From

 

 

 

 

and

from

to

that

system

are

 

local

LUs,

 

and

the

ones

MVSB's

 

point

of

view

 

MVSB

 

is

the

local

 

 

 

defined

 

 

 

 

 

node. See

also

the

partner

 

LUs.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

remote

node.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

MVS

are

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

A

partner

LU

might

or

might

not

be

on

the

same

sys

logical unit . A port providing formatting, stateas the local LU. When both LUs are on the same

 

synchronization,

and

other

 

high-level

services

 

through

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

is

initiate

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

system, the LU through which communication

which

an

end

user

communicates

with

another

 

end

 

user

 

 

LU,

and

the

LU

through

which

 

 

 

 

over

an

SNA

network.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

is

the

local

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

communication is received is the partner

LU.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

LU .

 

Seelogical

unit.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

PassTicket .

 

An

alternative

 

to

the

 

RACF

password

that

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

permits workstations and client machines to

 

 

 

 

 

 

M

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

communicate

 

with

the

 

host. It

allows

a

user

to

gain

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

access

to

 

the

host

 

system

without

sending

the

RACF

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

main

system .

 

The

system

 

on

 

a

multisystem

RRSF password

across

the

 

network.

 

 

 

 

 

 

 

 

 

 

 

 

 

node

that

is

 

designated

to

receive

most

of

the

RRSF

 

In

computer

security,

 

a

string

of

 

charac

communications

sent

to

the

 

node.

 

 

 

 

 

 

password .

 

 

 

 

 

 

 

 

 

 

known to the computer system and a

user,

who

 

must

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

member

 

system

.

Any

one

of

the

MVS

 

system

 

 

specify

it

to

gain

 

full

or

limited

access

to

a sys

 

 

 

images

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

RACF,

the

password

in

a

 

multisystem

RRSF

node.

 

 

 

 

 

 

 

 

 

to

the data stored within it. In

 

 

 

 

 

 

 

 

 

 

used

 

to

verify

the

identity

of

the user.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

multisystem

node

 

.

Seemultisystem

 

RRSF

node

 

 

password

synchronization

 

 

 

.

An

option

 

which

can

be

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

multisystem

RRSF

node

 

.

An

 

RRSF

 

node

consisting

 

specified

 

when

a

peer

user

ID

association is def

 

 

 

 

between two user IDs. If

password

synchronization

i

of

multiple MVS

system

images

 

that

share

the

 

 

same

 

 

 

for

a

user

ID

association,

then

whenever

RACF

 

database. One

of

the

systems

 

is

 

 

 

specified

 

 

 

designated

 

to

for

one

of

the

associated

user

IDs

is

 

be

the

main

system,

and

it

receives

most

 

password

 

of the RRSF

 

 

 

 

 

 

 

 

 

 

 

other user ID is

 

communications

sent

to

the

 

node.

 

 

 

 

 

 

changed, the password for the

 

 

 

 

 

 

 

 

automatically changed to the newly

defined

password.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

MVS .

Multiple

virtual

storage. Implies

MVS/370,See

 

alsoautomatic

password

 

direction.

 

 

 

 

 

 

 

 

 

MVS/XA,

and

MVS/ESA.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

permission

bits .

 

In

OpenEdition

 

MVS,

part

of

security

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

N

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

controls for directories and files

stored

in

 

the

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

hierarchical file system (HFS). Used

to

 

grant

 

read,

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

write, search (just directory), or

execute

(just

f

NetView

 

segment

 

.

 

The

portion of a RACF profileaccess to owner, owner's group, or

all

others.

 

 

 

containing

NetView

logon

information.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

node . See RRSF node.

O

posit . A number specified for each class in the cl descriptor table that identifies a set of flags th RACF processing options. See the keyword description

for posit OS/390in Security Server (RACF) Macros and Interfaces.

OVM segment

.

The

portion of a

RACF profile process . (1) A

function being

performed

or

waiting to

containing

OVM

logon

information.

be

performed.

(2) An executing

function,

or

one waiti

 

 

 

 

to

execute. (3) A function, createdfork() request,by a

 

owner

.

The user or

group who

creates

a profile,

or

is

 

sections:

 

 

named the owner

of

a

profile. The

owner

with

three

logical

 

 

can modify,

 

 

 

 

 

 

 

list,

or

delete

the

profile.

 

 

Ÿ

Text,

which is the function's instructions.

 

 

 

 

 

 

 

 

 

Ÿ

Data,

which

the

instructions

use but do not chang

 

 

 

 

 

 

 

 

Ÿ

Stack,

which is a push-down, pop-up save area of

 

 

 

 

 

 

 

 

 

the

dynamic

data

that

the

function operates

upon.

 

 

 

 

 

 

 

 

The

 

three

types

of

processes

are:

 

 

 

 

 

 

 

 

 

Ÿ

User

processes,

which

are

associated with

a us

 

 

 

 

 

 

 

 

 

a

workstation

 

 

 

 

 

 

68

OS/390

V1R2.0

Security

Server

(RACF)

Planning: Installation

and

Migration

 

 

 

 

Image 92
Contents Place graphic in this area. Outline is keyline only. DO NOT PRINT Security Server RACF Planning Installation and MigrationOS/390 Page Security Server RACF Planning Installation and Migration Second Edition, September 1996. AllPage Page Contents MigrationAuditing Considerations Administration ConsiderationsCustomization Considerations Operational Considerations IndexChapter 10. ApplicationPage Figures Page Notices Trademarks How to Use This About This BookWho Should Use This Book xiiiWhere to Find More Information Softcopy PublicationsŸ The OS/390 Security Server RACF Information , PackageSK2T-2180 ServerAdministration, H3927 Elements of Security RACF Installation - Student GG24-3971NotesUsing the Ÿ Tutorial Options for Tuning GG22RACFOther Sources of Information IBM Discussion AreasInternet Sources listserv@uga.cc.uga.eduPublications To Request Copies ofFeatures OS/390xviii ServiceŸ OpenEdition ProductOSA/SF V2R5TSO/EPage Summary of Changes Page Migration Migration Planning ConsiderationsChapter 1. Planning Customization Considerations Installation ConsiderationsAdministration Considerations Auditing Considerations Operational ConsiderationsApplication Development Considerations General User ConsiderationsPage Chapter 2. Release Overview New and Enhanced SupportOS/390 OpenEdition DCE identifiesfunction introduced in OS/390 ReleaseConcepts CheckAuthorizing and Auditing Server Access to the CCS and WLM Services Auditing the Passing of Access RightsOS/390 OpenEdition SOMobjects for MVSMultisystem Nodes RRSF Networknon-main systemsTARGET OS/390 Enable and Disable FunctionsYear NetView 1.10classes FacilityFunction Not Upgraded updated foridentifies function thatComponents for Release3. Summary of Class Descriptor Table CDTCommands lists classeswhich thereCommand Chapter 3. Summary of Changes to RACF Components for OS/390 15ReleaseData Areas Exitslists changed general-use programming interface GUPI data areMacros MessagesFigure 12 lists changes RACF macrosNew Messages Changed MessagesMessages RACF Database Split/Merge Utility IRRUT400Panels Publications LibraryRoutines Figure 13 lists RACF panels that areSYS1.SAMPLIB TemplatesFigure 16 identifies changes to RACF members of SYS1.SAMPLIB RACROUTE REQUEST=EXTRACTTemplate UtilitiesFigure 18 lists changes to RACF utilities for OS/390 Release Utility 0280OS/390 Security Server RACF Planning Installation and forMigration RACF Planning Installation and Migrationfor RACFChapter 4. Planning Considerations Migration StrategyRACF Planning Installation and Migrationfor RACF 2.1, and Hardware RequirementsSoftware Requirements RACF Migration and Planning for RACFRequirements CompatibilityCompatibility Considerations for Remote Sharing Page Chapter 5. Installation Considerations Enabling RACFConsiderations Networksinstallation configuredare in your existing workspace data sets when you install multisystem RChapter 5. Installation Considerations29 mustprefix nodenamesysname local-luprefix.local-node.local-node .INMSG RACF Storage Considerations Virtual StorageThis section discusses storage considerations for RACF Figure 21 estimates RACF virtual storage usage, for planning purposesCustomer Additions to the CDT SubpoolTemplates for RACF on OS/390 Releaseinformation, OS/390see Security Server SystemChapter 6. Customization Considerations Exit Processingand IRRSXT00 Effects of OS/390 OpenEdition DCEIRRSXT00 Installation Exit RACROUTE REQUEST=DEFINE Preprocessing Exit ICHRDX01Chapter 7. Administration Considerations Server RACF Security Administrators. GuideCross-Linking Between RACF Users signonActivating DCEUUIDS ClassSignon to the DCE Encryption Key single signon restrictionsOpenEditionsee DCE Administration .GuideOS/390 OpenEdition DCE Application Considerations Threads and OpenEdition Planning, and inOS/390 OpenEdition Programming AssemblerLibrary Reference callable servicepthread orsecuritynp Changes to RACF Authorization ProcessingRestrictions Enhancements to the Rdceruid Callable ServiceUtility Chapter 7. Administration Considerations43 SYSMVIEWPage Chapter 8. Auditing Considerations SMF RecordsAuditors Guide and OS/390 Server RACF MacrosInterfaces ServicesAuditing New OS/390 Auditing OS/390 OpenEdition DCE Support Auditing SystemView for MVS SupportReport Writer SMF Data Unload UtilityPage Command OS/390 Security Server RACF Command Language Referencefor moreChapter 9. Operational Considerations Enabling and DisablingPage Chapter 10. Application Development Considerations 2000 SupportServers 01yydddFNew Application Services and Security pthread the securitynpService New Application AuthorizationChanges to the Class Descriptor Table Programming InterfacesŸ “Macros” on page Ÿ “Templates” on page Ÿ “Utilities” on page Ÿ “Routines” on pageChapter 11. General User ConsiderationsOpenEdition Reference forPage Chapter 12. NJE Considerations APAR OW14451OW08457 After Applying the PTFActions Required OW08457UACC NODESFAILSAFE APAR OW15408GROUP Page Chapter 13. Scenarios Migrating an ExistingNodes RRSFprefixTARGET NODEMIAMI2 SYSNAMESYSTEM2 LOCAL OPERATIVE On MIAMI2prefixTARGET NODEORLANDO DELETE prefixTARGET NODEMIAMI2 DELETEDELETE RACF DiagnosisOn ORLANDO prefixTARGET NODEORLANDO OPERATIVE PREFIX... PROTOCOL... WORKSPACE Note Thedirection Glossaryaccess Page programming Seegeneral-use programmingSeeinventory Seelogical Seemultisystemlogical other.single-system supervisorytask segment andDFP Index A classes continuedcontinued Page KEYSMSTR SERVERSFSCMD utilitiescontinued Page Edition OS/390 Security Server RACF Information IBM Now you can! TheIBM Online Library Productivity Page Page Communicating Your Comments to IBM commentsReaders Comments - Wed Like to Hear from You OS/390 Security Server RACF Planning Installation and MigrationPublication No. GC28-1920-01 Note CopiesMAIL REPLYBUSINESS IBMPage GC28-192ð-ð1 IBMDrop in Back Cover Image Here