ACF2

  • 1.  zOS ACF2 rexx userid/password validation (or in USS/perl) ?

    Posted Dec 22, 2016 10:49 AM

    Hello friends/community.

    I'd lke to test mach of userid/password in z/OS CA ACF2 environment by using Rexx.
    There is such way in OPSrexx (var = OPSECURE('P', 'userid', 'password', 'newpassword')  ), but this function does not work outside of OPS, where I getting error:

    IEA995I SYMPTOM DUMP OUTPUT  280                                 
    SYSTEM COMPLETION CODE=0C3  REASON CODE=00000003                 
     TIME=07.12.25  SEQ=04848  CPU=0000  ASID=0082                   
     PSW AT TIME OF ERROR  078D1000   9AC0135A  ILC 4  INTC 03       
       ACTIVE LOAD MODULE           ADDRESS=1AC012F0  OFFSET=0000006A
       NAME=OPSECURE                                                 
       DATA AT PSW  1AC01354 - 00044410  C06650B0  D00850D0          
       GR 0: 1AC0FC90   1: 1AC504B8                                  
          2: 00000000   3: 1AC02EFC                                  
          4: 1AC50190   5: 08226207                                  
          6: 00000000   7: 00000003                                  
          8: 00000000   9: 1AC0225A                                  
          A: 1AC02C78   B: 08224FC8                                  
          C: 9AC012F0   D: 1AC50190                                  
          E: 882260EA   F: 9AC012F0                                  
     END OF SYMPTOM DUMP                                            

    IRX0250E System abend code 0C3, reason code 00000003.  
    IRX0253E Abend in external function OPSECURE.          
       398 +++        spa=OPSECURE('P',word(s,7),word(s,8))

     

    Maybe I do some error, or this should not work outside of OPS (as stated in documentation).

    Is or will be implemented such support for Rexx as well ?
    Or at least, is there such option/function in USS (zOS 2.1) ?

    If not for all question, can someone give an advice, help how exactly I can create such functionality ?

    Thank you



  • 2.  Re: zOS ACF2 rexx userid/password validation (or in USS/perl) ?

    Posted Dec 22, 2016 02:12 PM

    Jan -

     

    Generally speaking, an ABEND S0C3 is the program telling you it got lost.  Many vendors, not just CA, use an S0C3 as an error "catch all", as in: This is an error, but it' should never happen so it's not worth taking the time to actually code an error handler.

     

    If you can explain what you want to do in a little more detail (we're not an OPS/MVS shop so I don't know what OPSECURE does), someone on here might have a solution for you.

     

    - Don



  • 3.  Re: zOS ACF2 rexx userid/password validation (or in USS/perl) ?

    Posted Dec 27, 2016 10:07 AM

    I need to validate/match userid/password (ACF2) in rexx. I want to build an web interface (tomcat/perl) for my ACF2 service server.
    Server with ISPF(zOS)/Xedit(zVM) interface provide, over TCPIP, options to "reset violation/reset password/display" ACF2 users on zVM and zOS nodes. From any node, you can issue such command for any node(s) (expecting that all nodes have their own separated ACF2 DB), if you are authorized, .... Service is developed for special "power users", and their access is controlled by ACF2 settings.

    This server run as socket/multitask rexx. For Web access authentication, I need to use some type of uid/pass validation. Web (perl) sends (over socket to my server/task) some request, it's verified and I can display web menu..etc....

    I was thinking that such verification will work by using OPS command OPSECURE, but it (probable) run only in OPS.
    Web/Perl interface communicate with my server without problem, but this validation is part I do not know how to complete.



  • 4.  Re: zOS ACF2 rexx userid/password validation (or in USS/perl) ?

    Posted Jan 03, 2017 08:45 AM

    Any advice how to write module for userid/password validation from TSO ?
    RACROUTE REQUEST=VERIFY  ..... ?



  • 5.  Re: zOS ACF2 rexx userid/password validation (or in USS/perl) ?
    Best Answer

    Broadcom Employee
    Posted Feb 01, 2017 03:54 PM

    Rompf,

     

    Yes you can code a program to issue a RACROUTE VERIFY call or code a program to make an ACFSVC TYPE=A call to perform system entry validation and obtain logonid records for information purposes. Details can be found in the CA ACF2 Systems Programmer Guide. Please let us know if this answers your questions. Thanks.

     

    regards,

    Michael Blaha

    ACF2 Support



  • 6.  Re: zOS ACF2 rexx userid/password validation (or in USS/perl) ?

    Broadcom Employee
    Posted Feb 01, 2017 05:23 PM

    Jan,

     

    For more information, here's a link to the CA ACF2 documentation:

     

    Invoke the CA ACF2 SVC Routines Macro (ACFSVC) - Details of invoking, including the TYPE=A operand