Is there a way to look at KEYRINGS before they were changed ?
Article ID: 195393
Updated On:
Products
Issue/Introduction
For example, KEYRINGS were changed this past Thursday morning. How can the Keyring be seen before and after the changes that were done on Wednesday?
Keyrings are stored in the ACF2 INFOSTG database as USER Profile records. Any time the ACF2 INFOSTG database is changed a SMF record is cut. The ACFRPEEL report can be run against SMF to print a report showing any changes to the ACF2 INFOSTG database.
Environment
Release : 16.0
Component : CA ACF2 for z/OS
Resolution
The ACFRPTEL report can be run against the SMF that was active at the time of the KEYRING changes to report on Keyring changes. For example the following example shows changes to the KEYRING IZUSVR.KEYR01 followed by the ACFRPTEL report showing the changes.
Keyring IZUSVR.KEYR01 before changes:
KEYRING / IZUSVR.KEYR01 LAST CHANGED BY USER001 ON 12/10/13-18:20
DEFAULT(IZUSVR.CERT01) RINGNAME(IZUKeyring.IZUDFLT)
The following certificates are connected to this key ring:
CERTDATA record Label Usage
----------------- -------------------------------- --------
CERTAUTH.ZOSMFSRV zOSMFCA CERTAUTH
IZUSVR.CERT01 DefaultzOSMFCert.IZUDFLT PERSONAL
Changes, CONNECT two certificates to the KEYRING and change the KEYRING DEFAULT:
CONNECT CERTDATA(CERTAUTH.INTER2) KEYRING(IZUSVR.KEYR01)
CONNECT CERTDATA(MYSERVER.CERT) KEYRING(IZUSVR.KEYR01)
CHANGE IZUSVR.KEYR01 DEFAULT(MYSERVER.CERT)
Keyring IZUSVR.KEYR01 AFTER changes:
KEYRING / IZUSVR.KEYR01 LAST CHANGED BY USER002 ON 07/17/20-13:36
DEFAULT(MYSERVER.CERT) RINGNAME(IZUKeyring.IZUDFLT)
The following certificates are connected to this key ring:
CERTDATA record Label Usage
----------------- -------------------------------- --------
CERTAUTH.INTER2 Intermediate Two CERTAUTH
CERTAUTH.ZOSMFSRV zOSMFCA CERTAUTH
IZUSVR.CERT01 DefaultzOSMFCert.IZUDFLT PERSONAL
MYSERVER.CERT MyServer User PERSONAL
PROFILE
Sample ACFRPTEL JCL to report on USR-USER Profiles which include KEYRING records:
//REPORT EXEC PGM=ACFRPTEL
//SYSPRINT DD SYSOUT=*
//RECMAN1 DD DISP=SHR,DSN=SYS1.MAN1
//RECMAN2 DD DISP=SHR,DSN=SYS1.MAN2
//RECMAN3 DD DISP=SHR,DSN=SYS1.MAN3
//SYSIN DD *
TITLE(ACF2 EL REPORT)
DETAIL
TYPE(USR)
CHANGES
//*
/*
Report output reflecting the changes:
DATE 07/17/20 (20.199) TIME 13.36 ACF2 EL REPORT
DATE TIME JNAME LID MODULE FUNCTION CPU C-TYP-NAME
FIELD OLD VALUE NEW VALUE
20.199 07/17 13:35 USER002 USER002 ACF0AENT REPLACE SYSA P-USR-KEYRING
CERTDATA C-CERTAUTH.ZOSMFSRV, C-CERTAUTH.INTER2,
P-IZUSVR.CERT01 C-CERTAUTH.ZOSMFSRV,
P-IZUSVR.CERT01
20.199 07/17 13:35 USER002 USER002 ACF0AENT REPLACE SYSA P-USR-CERTDATA
KEYRING MYLDAP.RING IZUSVR.KEYR01,
MYLDAP.RING
20.199 07/17 13:35 USER002 USER002 ACF0AENT REPLACE SYSA P-USR-KEYRING
CERTDATA C-CERTAUTH.INTER2, C-CERTAUTH.INTER2,
C-CERTAUTH.ZOSMFSRV, C-CERTAUTH.ZOSMFSRV,
P-IZUSVR.CERT01 P-IZUSVR.CERT01,
P-MYSERVER.CERT
20.199 07/17 13:35 USER002 USER002 ACF0AENT REPLACE SYSA P-USR-CERTDATA
KEYRING MYLDAP.RING IZUSVR.KEYR01,
MYLDAP.RING
20.199 07/17 13:36 USER002 USER002 ACF0AENT REPLACE SYSA P-USR-KEYRING
DEFAULT IZUSVR.CERT01 MYSERVER.CERT
Additional Information
Details on the ACFRPTEL report can be found in section: 'ACFRPTEL - Infostorage Update Log' of the ACF2 documentation.
Feedback
