Configuring AT-TLS in z/OS guest systems:

1. RACF security definitions. Please note that some commands are case sensitive:

a) Define the RACF authorization for the PAGENT started task and the pasearch command

SETROPTS CLASSACT(STARTED)
SETROPTS RACLIST(STARTED)
SETROPTS GENERIC(STARTED)

There is no equivalent Top Secret command for the RACF SETROPTS command. This is not needed in Top Secret.

RDEFINE STARTED PAGENT.*
RDEFINE STARTED SYSLOGD.*
AU PAGENT NAME('your name') DFLTGRP(OMVS)
ALU PAGENT
RALTER STARTED PAGENT.*
RALTER STARTED PAGENT.*

TSS ADD(STC) PROCNAME(PAGE-NT) ACID(TCPIP)
TSS ADD(STC) PROCNAME(SYSLOGD) ACID(TCPIP)
**The TCPIP acid already has GROUP(OMVSGRP) and DFLTGRP(OMVSGRP).
**We think this should be fine. The TCPIP acid has a complete OMVS Segment with UID(0).**
TSS ADD(dept) SERVAUTH(EZB.) ==>May already be done.
**I do not see where there is a permit for this resource but I assume acid TCPIP needs it since it was defined: TSS PERMIT(TCPIP) SERVAUTH(EZB.INITSTACK.OLNISYSI.TCPIP.) ACCESS(READ)
Note: sysname = LPAR name, OLNISYSI or OLNISYS3
TCPImage = TCPIP started task name which is TCPIP

b) Define the RACF authorization for TCPIP started tasks.

AU TCPIP NAME('your name') DFLTGRP(OMVS)
ALU TCPIP
RDEFINE STARTED UACC(NONE) OWNER(IBMUSER)
RALT STARTED DATA('your last name, first name - email address') +
GROUP(OMVS))
SETROPTS REFRESH
SETROPTS REFRESH RACLIST(STARTED)

c) Add user authority for RACF RACDCERT command

SETROPTS CLASSACT(DIGTCERT DIGTRING)
RDEFINE FACILITY IRR.DIGTCERT.LISTRING UACC(NONE)
RDEFINE FACILITY IRR.DIGTCERT.LIST UACC(NONE)

TSS ADD(dept) IBMFAC(IRR.) ==>May already be done.
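
A batch job for checking the definitions from steps a) to c) after they are entered. This is an added example, not part of the original procedure; the job name, accounting field and job classes are assumptions, while the PAGENT, SYSLOGD and TCPIP names and the EZB. and IRR. prefixes are the ones used above.

```jcl
//ATTLSCHK JOB (ACCT),'ATTLS CHECK',CLASS=A,MSGCLASS=X
//* Added example: job card values above are site assumptions.
//* Run ONE step, matching the installed security product.
//* SETROPTS LIST needs RACF SPECIAL or AUDITOR on the submitter.
//*
//* RACF: active classes, started profiles, users, RACDCERT profiles
//RACFCHK  EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  SETROPTS LIST
  RLIST STARTED PAGENT.* STDATA
  RLIST STARTED SYSLOGD.* STDATA
  LISTUSER PAGENT OMVS
  LISTUSER TCPIP OMVS
  RLIST FACILITY IRR.DIGTCERT.LISTRING AUTHUSER
  RLIST FACILITY IRR.DIGTCERT.LIST AUTHUSER
/*
//* Top Secret: STC table, TCPIP acid, resource ownership and permits
//TSSCHK   EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  TSS LIST(STC)
  TSS LIST(TCPIP) DATA(ALL)
  TSS WHOOWNS SERVAUTH(EZB.)
  TSS WHOHAS SERVAUTH(EZB.INITSTACK.)
  TSS WHOOWNS IBMFAC(IRR.)
/*
```

In the output, confirm that the STARTED, DIGTCERT and DIGTRING classes are active, that each started task maps to the intended user or acid, and that the access lists on the IRR.DIGTCERT and EZB.INITSTACK resources contain only the IDs that need them.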