ACF2 R16 and z/os 2.2.
z/OSMF Signon error. Joblog shows:
BPXP015I HFS PROGRAM /usr/lpp/zosmf/lib/libIzuTsoSrvJni64.so IS NOT
BPXP014I ENVIRONMENT MUST BE CONTROLLED FOR DAEMON (BPX.DAEMON) PROCESSING. MARKED PROGRAM CONTROLLED.
stdout
CWWKS1100A: Authentication did not succeed for user ID xxxxxxxx. An invalid user ID or password was specified
stderr
CWWKS2933E: The username and password could not be checked because the BPX.DAEMON profile is active, and
the address space is not under program control
Release : 16.0
Component : CA ACF2 for z/OS
To address the CWWKS1100A/CWWKB0117W errors be sure to code resource rules for Resource Class SERVER for the z/OSMF server logonid for the following resources:
BBG.SECPFX.IZUDFLT
BBG.ANGEL
BBG.ANGEL.IZUANG1
BBG.AUTHMOD.BBGZSAFM
BBG.AUTHMOD.BBGZSAFM.SAFCRED
BBG.AUTHMOD.BBGZSAFM.ZOSWLM
BBG.AUTHMOD.BBGZSAFM.TXRRS
BBG.AUTHMOD.BBGZSAFM.ZOSDUMP
Note that the default internal CLASMAP, maps Resource class SERVER to TYPE(SAF). Most sites will INSERT a site defined GSO CLASMAP record to map the Resource class SERVER to a unique TYPE code other than SAF to facilitate rule writing as recommended. The above resource rules should be written for the TYPE code that the site uses for Resource class SERVER. To display the current CLASMAP definitions the TSO, ACF, SHOW CLASMAP command can be issued.
Sample commands to add resource rules for the above Resource class SERVER resources follow.
ACF
SET RESOURCE(SAF)
RECKEY BBG ADD( SECPFX.IZUDFLT UID(uid for z/OSMF server logonid) SERVICE(READ) ALLOW)
RECKEY BBG ADD( ANGEL UID(uid for z/OSMF server logonid) SERVICE(READ) ALLOW)
RECKEY BBG ADD( ANGEL.IZUANG1 UID(uid for z/OSMF server logonid) SERVICE(READ) ALLOW)
RECKEY BBG ADD( AUTHMOD.BBGZSAFM UID(uid for z/OSMF server logonid) SERVICE(READ) ALLOW)
RECKEY BBG ADD( AUTHMOD.BBGZSAFM.SAFCRED UID(uid for z/OSMF server logonid) SERVICE(READ) ALLOW)
RECKEY BBG ADD( AUTHMOD.BBGZSAFM.ZOSWLM UID(uid for z/OSMF server logonid) SERVICE(READ) ALLOW)
RECKEY BBG ADD( AUTHMOD.BBGZSAFM.TXRRS UID(uid for z/OSMF server logonid) SERVICE(READ) ALLOW)
RECKEY BBG ADD( AUTHMOD.BBGZSAFM.ZOSDUMP UID(uid for z/OSMF server logonid) SERVICE(READ) ALLOW)