TSS7100E 007 J=JES2 A=*MISSING T=KC F=JES - Password Missing
Article ID: 73089
Updated On:
Products
Top Secret
Top Secret - LDAP
Issue/Introduction
After upgrading from CA Top Secret r15 to r16, batch jobs started receiving TSS7100E 007 J=JES2 A=*MISSING T=KC F=JES - Password Missing
After upgrading from CA Top Secret r15 to r16, batch jobs started receiving TSS7100E 007 J=JES2 A=*MISSING T=KC F=JES - Password Missing
After upgrading from CA Top Secret r15 to r16, batch jobs started receiving TSS7100E 007 J=JES2 A=*MISSING T=KC F=JES - Password Missing
Environment
Release:
Component: TSSMVS
Component: TSSMVS
Resolution
RO98297 plugs a securty hole which required the NJEUSR to be defined.
Please issue a TSS MODIFY STATUS and see if NJEUSR is defined.
The NJEUSER Control Option has existed for years, it goes as far back at least to Top Secret r12. It's intended to supply a Default ACID to be used on store and forward Nodes, simply to allow a Job to pass through without problems. No checking is performed against this ACID, it simply allows the 'VERIFYX' to work by supplying the Default acid. When a Job arrives at the Execution Node, it'll properly use the passed Token Userid passed from the Originating Node. This Control Option wouldn't have been needed when the 'USERID=' was being used on the Job Card.
Our CA Top Secret documentation has recommended the use of NJEUSER for several releases now. Here is what our documentation says about NJE Store and Forward nodes:
NJEUSR-NJE Store and Forward Nodes ACID
Valid on z/OS.
Use the NJEUSR control option to define a default ACID to be used for NJE Store-and-Forward nodes where no other userid can be identified. This control option is used to specify the userid when building a default token in response to a verify SESSION=TKNUNKWN request.
Notes:
* This ACID is used for the owner of the JOB or SYSOUT data on the Store-and-Forward node and it will have no effect on the userid on the execution node.
* This control option can be included in the startup parms for CA Top Secret. It needs to be set on the intermediate node where the job or output is being lost, and should be a valid ACID for that node, as well as having access to JES and BATCH. However, no checking is done at the time the NJEUSR is set to make certain that the ACID specified is valid.
* If NJEUSR is modified while TSS is executing, and no value is set in the PARMFILE, the modified value will persist.
* If a value is present in PARMFILE for NJEUSR, that value will replace any modified value, if CA Top Secret is restarted with the REINIT option.
This control option uses the Parameter File and TSS MODIFY Command entry methods.
This control option has the following format:
NJEUSR(acidname)
Please create the acid and add it to the NJEUSR control option and retest.
Sample acid:
TSS CREATE(NJEDEF) NAME('NJEDEF') PASSWORD(NOPW,0) TYPE(USER) DEPT(dept)
TSS ADD(NJEDEF) FAC(JES,BATCH,STC)
The NJUSR control option can be set dynamically via TSS MODIFY NJEUSR(NJEDEF). The TSS MODIFY command is only valid until the next recycle of TSS. To make the change permanent, set NJEUSR(NJEDEF) in your CA Top Secret parameter file.
Please issue a TSS MODIFY STATUS and see if NJEUSR is defined.
The NJEUSER Control Option has existed for years, it goes as far back at least to Top Secret r12. It's intended to supply a Default ACID to be used on store and forward Nodes, simply to allow a Job to pass through without problems. No checking is performed against this ACID, it simply allows the 'VERIFYX' to work by supplying the Default acid. When a Job arrives at the Execution Node, it'll properly use the passed Token Userid passed from the Originating Node. This Control Option wouldn't have been needed when the 'USERID=' was being used on the Job Card.
Our CA Top Secret documentation has recommended the use of NJEUSER for several releases now. Here is what our documentation says about NJE Store and Forward nodes:
NJEUSR-NJE Store and Forward Nodes ACID
Valid on z/OS.
Use the NJEUSR control option to define a default ACID to be used for NJE Store-and-Forward nodes where no other userid can be identified. This control option is used to specify the userid when building a default token in response to a verify SESSION=TKNUNKWN request.
Notes:
* This ACID is used for the owner of the JOB or SYSOUT data on the Store-and-Forward node and it will have no effect on the userid on the execution node.
* This control option can be included in the startup parms for CA Top Secret. It needs to be set on the intermediate node where the job or output is being lost, and should be a valid ACID for that node, as well as having access to JES and BATCH. However, no checking is done at the time the NJEUSR is set to make certain that the ACID specified is valid.
* If NJEUSR is modified while TSS is executing, and no value is set in the PARMFILE, the modified value will persist.
* If a value is present in PARMFILE for NJEUSR, that value will replace any modified value, if CA Top Secret is restarted with the REINIT option.
This control option uses the Parameter File and TSS MODIFY Command entry methods.
This control option has the following format:
NJEUSR(acidname)
Please create the acid and add it to the NJEUSR control option and retest.
Sample acid:
TSS CREATE(NJEDEF) NAME('NJEDEF') PASSWORD(NOPW,0) TYPE(USER) DEPT(dept)
TSS ADD(NJEDEF) FAC(JES,BATCH,STC)
The NJUSR control option can be set dynamically via TSS MODIFY NJEUSR(NJEDEF). The TSS MODIFY command is only valid until the next recycle of TSS. To make the change permanent, set NJEUSR(NJEDEF) in your CA Top Secret parameter file.
Feedback
Yes
No
Powered by
