ACF2 z/OSMF Signon CWWKS1100A/CWWKB0117W ENVIRONMENT MUST BE CONTROLLED FOR DAEMON

Article ID: 144876

Products

CA ACF2, CA ACF2 - DB2 Option, CA ACF2 for zVM, CA ACF2 - z/OS, CA ACF2 - MISC

Issue/Introduction

ACF2 R16 and z/OS 2.2.
z/OSMF sign-on fails. The joblog shows:

BPXP015I HFS PROGRAM /usr/lpp/zosmf/lib/libIzuTsoSrvJni64.so IS NOT MARKED PROGRAM CONTROLLED.
BPXP014I ENVIRONMENT MUST BE CONTROLLED FOR DAEMON (BPX.DAEMON) PROCESSING.

stdout                                                

CWWKS1100A: Authentication did not succeed for user ID pp00314. An invalid user ID or password was specified 

stderr                                                

CWWKS2933E: The username and password could not be checked because the BPX.DAEMON profile is active, and the address space is not under program control
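The messages above can be triaged automatically so that a CWWKS1100A caused by the BPX.DAEMON environment is not mistaken for a bad password. The following is an added example, not code from this article, Broadcom or IBM; the function names and the log layout (each message ID at the start of its line, with wrapped continuation lines) are assumptions.

```python
import re

# Assumption: each message starts its line with its ID (no timestamp prefix).
MSG_ID = re.compile(r"^(BPX[A-Z]\d{3}[A-Z]|CWWK[A-Z]\d{4}[A-Z]):?\s+(.*)$")

# Constructed sample built from the messages quoted in this article,
# including wrapped continuation lines.
SAMPLE_LOG = """\
BPXP015I HFS PROGRAM /usr/lpp/zosmf/lib/libIzuTsoSrvJni64.so IS NOT
MARKED PROGRAM CONTROLLED.
BPXP014I ENVIRONMENT MUST BE CONTROLLED FOR DAEMON (BPX.DAEMON) PROCESSING.
CWWKS1100A: Authentication did not succeed for user ID pp00314. An invalid user ID or password was specified
CWWKS2933E: The username and password could not be checked because the BPX.DAEMON profile is active, and
the address space is not under program control
"""

def join_messages(text):
    """Return (id, body) pairs; a line with no message ID continues the previous one."""
    messages = []
    for line in (raw.strip() for raw in text.splitlines()):
        match = MSG_ID.match(line)
        if match:
            messages.append([match.group(1), match.group(2)])
        elif line and messages:
            messages[-1][1] += " " + line
    return [tuple(m) for m in messages]

def triage(text):
    """Separate 'credentials were never checked' from ordinary sign-on failures."""
    report = {"failed_users": [], "uncontrolled_programs": [], "environment_fault": False}
    for msg_id, body in join_messages(text):
        if msg_id == "CWWKS1100A":
            user = re.search(r"user ID (\S+)\.", body)
            if user:
                report["failed_users"].append(user.group(1))
        elif msg_id == "BPXP015I":
            prog = re.search(r"HFS PROGRAM (\S+) IS NOT MARKED PROGRAM CONTROLLED", body)
            if prog:
                report["uncontrolled_programs"].append(prog.group(1))
        elif msg_id in ("BPXP014I", "CWWKS2933E"):
            # The credentials could not be checked, so CWWKS1100A here is
            # not evidence of a bad password.
            report["environment_fault"] = True
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

When `environment_fault` is true, treat the listed sign-on failures as a configuration problem to fix with the resource rules in the Resolution section rather than as failed password attempts.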

Environment

Release : 16.0
Component : CA ACF2 for z/OS

Resolution

To address the CWWKS1100A/CWWKB0117W errors, code resource rules for Resource class SERVER that allow the z/OSMF server logonid to access the following resources:

BBG.SECPFX.IZUDFLT 
BBG.ANGEL 
BBG.AUTHMOD.BBGZSAFM 
BBG.AUTHMOD.BBGZSAFM.SAFCRED 
BBG.AUTHMOD.BBGZSAFM.ZOSWLM 
BBG.AUTHMOD.BBGZSAFM.TXRRS 
BBG.AUTHMOD.BBGZSAFM.ZOSDUMP 

Note that the default internal CLASMAP maps Resource class SERVER to TYPE(SAF). Most sites INSERT a site-defined GSO CLASMAP record that maps Resource class SERVER to a unique TYPE code other than SAF, which is the recommended practice because it makes rule writing easier. Write the above resource rules for the TYPE code that the site uses for Resource class SERVER. To display the current CLASMAP definitions, issue the SHOW CLASMAP command from TSO ACF.

Sample commands to add resource rules for the above Resource class SERVER resources follow. They use the default TYPE code SAF; substitute the site's TYPE code and the UID string of the z/OSMF server logonid.

ACF
SET RESOURCE(SAF)
RECKEY BBG ADD( SECPFX.IZUDFLT UID(uid for z/OSMF server logonid) SERVICE(READ) ALLOW)
RECKEY BBG ADD( ANGEL UID(uid for z/OSMF server logonid) SERVICE(READ) ALLOW)
RECKEY BBG ADD( AUTHMOD.BBGZSAFM UID(uid for z/OSMF server logonid) SERVICE(READ) ALLOW)
RECKEY BBG ADD( AUTHMOD.BBGZSAFM.SAFCRED UID(uid for z/OSMF server logonid) SERVICE(READ) ALLOW)
RECKEY BBG ADD( AUTHMOD.BBGZSAFM.ZOSWLM UID(uid for z/OSMF server logonid) SERVICE(READ) ALLOW)
RECKEY BBG ADD( AUTHMOD.BBGZSAFM.TXRRS UID(uid for z/OSMF server logonid) SERVICE(READ) ALLOW)
RECKEY BBG ADD( AUTHMOD.BBGZSAFM.ZOSDUMP UID(uid for z/OSMF server logonid) SERVICE(READ) ALLOW)