When trying to FTP software to an ACF2 secured mainframe, the following errors are seen in the error log:
FC3110 authServerAttls: Start Handshake
FC3119 authServerAttls: ioctl() failed on XXXXXXXXXX - EDC8121I Connection re
set. (errno2=0x77A9733D)
EZA2897I Authentication negotiation failed
Granting temporary NON-CNCL privilege to the ACF2 user allowed access and the user was then able to establish a connection.
There is nothing in the ACFRPTRV report. What is the resource rule that needs to be written?
Release : 16.0
Component : ACF2 for z/OS
Setting the TRACE bit on the logonid, re-testing, and running the RV report revealed a violation for CLEARKEY.SYSTOK-SESSION-ONLY.
The CLEARKEY.token-name resource will be queried to determine the policy for creating a clear key in contrast to a secure key when CKA_IBM_SECURE=TRUE has not been specified for key generation within ICSF.
For more information regarding this resource and how to write rules for it, see KD Article 32457: resource violations for CRYPTOZ require rules for resource validations