Using MFA bulk provisioning unix program provided by IBM for converting users to MFA. A configuration file azfbulkcmd.sh is provided but gives all directive to ESM equivalents with RACF translation.
In order to convert the translation to ESM=ACF2, the commands to ACF2 need to run using the unix tsocmd program.
What is the syntax to run the same command using /bin/tsocmd in a unix shell to ACF2?
Sample command in azfbulkcmd.sh
/bin/tsocmd "ALU $2 MFA(FACTOR($3) NOACTIVE NOPWFALLBACK NOTAGS)"
Where $2 would be the userid/logonid; $3 would be the MFA factor name -- variables specified as arguments on the unix command.
Release : 16.0
ACF2 equivalent to 'IBM Sample command in azfbulkcmd.sh'.
/bin/tsocmd "ALU $2 MFA(FACTOR($3) NOACTIVE NOPWFALLBACK NOTAGS)"
Where $2 would be the userid/logonid; $3 would be the MFA factor name -- variables specified as arguments on the unix command.
What is the syntax to run the same command using /bin/tsocmd in a unix shell to ACF2?
The ACF2 ACFUNIX Utility in USS can be used similar to the TSO command, but there is USS configuration that needs to be done, which consists of creating a symbolic link to find the utility and adding the directory that contains the symbolic link to the PATH:
Once USS is configured the appropriate ACF commands can be issued from OMVS, for example.
Create an MFA user profile data record:
From TSO:
SET PROFILE(USER) DIVISION(MFA)
INSERT USER01.FACTORNAME ACTIVE TAGS(TSTUSERID:BobS)
From OMVS:
acfunix "MULT SET PROFILE(USER) DIVISION(MFA)~INSERT USER01.FACTORNAME ACTIVE TAGS(TSTUSERID:BobS)"
To allow or prevent password fallback during factor authentication downtime, issue the following command:
From TSO:
SET LID
CHANGE userid FALLBACK|NOFALLBACK
From OMVS:
acfunix "acfunix "CHANGE userid NOFALLBACK"