ACF2 z/OSMF Signon CWWKS1100A/CWWKB0117W ENVIRONMENT MUST BE CONTROLLED FOR DAEMON

Article ID: 144876

Updated On:

Products

ACF2, ACF2 - DB2 Option, ACF2 for zVM, ACF2 - z/OS, ACF2 - MISC

Issue/Introduction

ACF2 R16 and z/OS 2.2.
z/OSMF signon error. The joblog shows:

BPXP015I HFS PROGRAM /usr/lpp/zosmf/lib/libIzuTsoSrvJni64.so IS NOT MARKED PROGRAM CONTROLLED.
BPXP014I ENVIRONMENT MUST BE CONTROLLED FOR DAEMON (BPX.DAEMON) PROCESSING.

stdout                                                

CWWKS1100A: Authentication did not succeed for user ID xxxxxxxx. An invalid user ID or password was specified 

stderr                                                

CWWKS2933E: The username and password could not be checked because the BPX.DAEMON profile is active, and 
the address space is not under program control  

Environment

Release : 16.0
Component : CA ACF2 for z/OS

Resolution

To address the CWWKS1100A/CWWKB0117W errors, code resource rules in Resource Class SERVER that give the z/OSMF server logonid access to the following resources:

BBG.SECPFX.IZUDFLT 
BBG.ANGEL
BBG.ANGEL.IZUANG1 
BBG.AUTHMOD.BBGZSAFM 
BBG.AUTHMOD.BBGZSAFM.SAFCRED 
BBG.AUTHMOD.BBGZSAFM.ZOSWLM 
BBG.AUTHMOD.BBGZSAFM.TXRRS 
BBG.AUTHMOD.BBGZSAFM.ZOSDUMP 

Note that the default internal CLASMAP maps Resource class SERVER to TYPE(SAF). Most sites will INSERT a site-defined GSO CLASMAP record to map Resource class SERVER to a unique TYPE code other than SAF to facilitate rule writing, as recommended. Write the above resource rules for the TYPE code that the site uses for Resource class SERVER. To display the current CLASMAP definitions, issue the SHOW CLASMAP command under the TSO ACF command.

Sample commands to add resource rules for the above Resource class SERVER resources follow.

ACF
SET RESOURCE(SAF)
RECKEY BBG ADD( SECPFX.IZUDFLT UID(uid for z/OSMF server logonid) SERVICE(READ) ALLOW)
RECKEY BBG ADD( ANGEL UID(uid for z/OSMF server logonid) SERVICE(READ) ALLOW)
RECKEY BBG ADD( ANGEL.IZUANG1 UID(uid for z/OSMF server logonid) SERVICE(READ) ALLOW)
RECKEY BBG ADD( AUTHMOD.BBGZSAFM UID(uid for z/OSMF server logonid) SERVICE(READ) ALLOW)
RECKEY BBG ADD( AUTHMOD.BBGZSAFM.SAFCRED UID(uid for z/OSMF server logonid) SERVICE(READ) ALLOW)
RECKEY BBG ADD( AUTHMOD.BBGZSAFM.ZOSWLM UID(uid for z/OSMF server logonid) SERVICE(READ) ALLOW)
RECKEY BBG ADD( AUTHMOD.BBGZSAFM.TXRRS UID(uid for z/OSMF server logonid) SERVICE(READ) ALLOW)
RECKEY BBG ADD( AUTHMOD.BBGZSAFM.ZOSDUMP UID(uid for z/OSMF server logonid) SERVICE(READ) ALLOW)