AnsweredAssumed Answered

No RACF messages to CA IDMS VTAM terminal on valid signon

Question asked by Edward_McKinney Employee on Dec 3, 2013
Latest reply on Jan 10, 2014 by Edward_McKinney

 Any RACF experts with CA IDMS have knowledge on this post?
 I work for CA IDMS supporting all our great clients.
 I have a client who is NOT getting some RACF messages
 when they sign on successfully.
 The client gets violation messages sent to their terminal while
 doing a signon to the CA IDMS CV but successful signon does not send
 any messages to the VTAM terminal.
 Specifically, if they use Top Secret (TSS) on CA IDMS and
 signon using the correct password with the userid, they
 receive the external security messages on the terminal as follows:
  **RACF using external security:  Message when logging in via VTAM when
  authenticated
  IDMS DC258002 V237 ENTER PASSWORD
  IDMS DC258003 V237 USER XXXXXXX SIGNED ON LTERM vtamlte AT 15:16:41.96 13.290
  Vxxx  ENTER NEXT TASK CODE:      CA IDMS release 17.0 tape GJH01B node etc.
  *-- TSS next -*
  **TSS using external security:  Message when logging in via VTAM as an
  authenticated user:
  IDMS DC258002 Vxx ENTER PASSWORD
  IDMS DC258003 Vxx USER xxxxxxx SIGNED ON LTERM vtamlte  AT 15:11:16.65 13.290 

  TSS7003W Password Will Expire on 10/25/13
  TSS7000I xxxxxxx Last-Used 17 Oct 13 15:11 System=AAA Facility=BBB
  TSS7001I Count=12305 Mode=Fail Locktime=None Name=lastname,firstname
  Vxx  ENTER NEXT TASK CODE:      CA IDMS release 17.0 tape GJH01B node etc.
  *-------------*
  As you can see, the client does get messages from TSS but not from RACF.
  They do not use any optional PTFs to suppress the external security messages.
  They do get violation messages from RACF !!
  It is only when an authenticated user with the correct password etc
  signs on that they do not get the external messages to the VTAM terminal.
  (specifically the 'Last Used' etc.)
  HOWEVER, when they log on to TSO, they do get the message from RACF
  (TSS too) that says:
  RACF Logon to TSO:
  ICH70001I xxxxxxx  LAST ACCESS AT 08:50:00 ON FRIDAY, OCTOBER 18, 2013
  ICH70002I YOUR PASSWORD WILL EXPIRE IN   7 DAYS.
  IKJ56455I xxxxxxx LOGON IN PROGRESS AT 08:50:41 ON OCTOBER 18, 2013
 *----------*
  I took a SLIP trap in CA IDMS when we returned from the external RACF
 security call and the returned control block had no messages in it
 when the userid/password was valid (no error).
 ?
 Are there any CA IDMS RACF users with RACF external security for SIGNON 
 enabled who have this same symptom?
 In a nutshell - valid signon with RACF - no messages on VTAM terminal
                 signon violation - client gets messages from RACF to
                 their VTAM terminal.
 I did think that I read somewhere that RACF can suppress messages,
 but the sysprogs at the site say they do not have that in effect.
 *
 If you do get RACF messages on a valid signon, let me know.
 I have no RACF CA IDMS setup currently.
 Thanks - the client asked if I could post this for them.
 You can email me directly if you wish..    edward.mckinney@ca.com
 

 Edward McKinney
 CA Technologies
 Principal Software Engineer
 CA IDMS

 

Outcomes