Any RACF experts with CA IDMS have knowledge on this post?
I work for CA IDMS supporting all our great clients.
I have a client who is NOT getting some RACF messages
when they sign on successfully.
The client gets violation messages sent to their terminal while
doing a signon to the CA IDMS CV but successful signon does not send
any messages to the VTAM terminal.
Specifically, if they use Top Secret (TSS) on CA IDMS and
signon using the correct password with the userid, they
receive the external security messages on the terminal as follows:
**RACF using external security: Message when logging in via VTAM when
IDMS DC258002 V237 ENTER PASSWORD
IDMS DC258003 V237 USER XXXXXXX SIGNED ON LTERM vtamlte AT 15:16:41.96 13.290
Vxxx ENTER NEXT TASK CODE: CA IDMS release 17.0 tape GJH01B node etc.
*-- TSS next -*
**TSS using external security: Message when logging in via VTAM as an
IDMS DC258002 Vxx ENTER PASSWORD
IDMS DC258003 Vxx USER xxxxxxx SIGNED ON LTERM vtamlte AT 15:11:16.65 13.290
TSS7003W Password Will Expire on 10/25/13
TSS7000I xxxxxxx Last-Used 17 Oct 13 15:11 System=AAA Facility=BBB
TSS7001I Count=12305 Mode=Fail Locktime=None Name=lastname,firstname
Vxx ENTER NEXT TASK CODE: CA IDMS release 17.0 tape GJH01B node etc.
As you can see, the client does get messages from TSS but not from RACF.
They do not use any optional PTFs to suppress the external security messages.
They do get violation messages from RACF !!
It is only when an authenticated user with the correct password etc
signs on that they do not get the external messages to the VTAM terminal.
(specifically the 'Last Used' etc.)
HOWEVER, when they log on to TSO, they do get the message from RACF
(TSS too) that says:
RACF Logon to TSO:
ICH70001I xxxxxxx LAST ACCESS AT 08:50:00 ON FRIDAY, OCTOBER 18, 2013
ICH70002I YOUR PASSWORD WILL EXPIRE IN 7 DAYS.
IKJ56455I xxxxxxx LOGON IN PROGRESS AT 08:50:41 ON OCTOBER 18, 2013
I took a SLIP trap in CA IDMS when we returned from the external RACF
security call and the returned control block had no messages in it
when the userid/password was valid (no error).
Are there any CA IDMS RACF users with RACF external security for SIGNON
enabled who have this same symptom?
In a nutshell - valid signon with RACF - no messages on VTAM terminal
signon violation - client gets messages from RACF to
their VTAM terminal.
I did think that I read somewhere that RACF can suppress messages,
but the sysprogs at the site say they do not have that in effect.
If you do get RACF messages on a valid signon, let me know.
I have no RACF CA IDMS setup currently.
Thanks - the client asked if I could post this for them.
You can email me directly if you wish.. email@example.com
Principal Software Engineer