How To Debug A Pass Ticket Problem?
Article ID: 49025
Updated On:
Products
Cleanup
Datacom
DATACOM - AD
CIS
COMMON SERVICES FOR Z/OS
90S SERVICES
DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS
COMMON PRODUCT SERVICES COMPONENT
Common Services
CA ECOMETER SERVER COMPONENT FOC
Easytrieve Report Generator for Common Services
INFOCAI MAINTENANCE
IPC
UNICENTER JCLCHECK COMMON COMPONENT
Mainframe VM Product Manager
CHORUS SOFTWARE MANAGER
CA ON DEMAND PORTAL
CA Service Desk Manager - Unified Self Service
PAM CLIENT FOR LINUX ON MAINFRAME
MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME
GRAPHICAL MANAGEMENT INTERFACE
WEB ADMINISTRATOR FOR TOP SECRET
Xpertware
Top Secret
Top Secret - LDAP
Top Secret - VSE
Issue/Introduction
Description:
How do you debug a Pass Ticket problem?
Solution:
The following documentation is generally used to debug passticket problems:
- If the user receives a security violation with a Detailed Reason Code (DRC) of 009, then a diagtrap is needed:
TSS MODI DIAGTRAP(1,ON,KER,AcidName,009) where AcidNAme is the acid name of acid having the issue.
To reset:
TSS MODI DIAGTRAP(1,OFF)
- Output from a TSS LIS(NDT) DATA(SESSKEY) command.
- If the passticket is generated and validated with the IBM RACF callable services R_ticketserv / R_GenSec, then an OMVS trace and SECTRACE will be needed.
3-1. TSS ADD(acid) TRACE
3-2. TSS REFRESH(acid) JOBNAME(*)
3-3. TSS MODI(SECTRACE(ACT,WTL))
3-4. ST SET,TYPE=OMVS,FUNC=ALL,DSN=datasetname,END (issued on the console)
3-5. This will route all trace records to the MVS syslog....
3-6. Recreate the problem.
3-7. TSS MODI SECTRACE(OFF)
3-8. ST DEL,ID=xx (issued on the console)
3-9. TSS REM(acid) TRACE
3-10. TSS LIST(acid) DATA(ALL,PROFILE)
The dataset for the DSN= must be pre-allocated. Please make sure it is large enough to hold enough trace data otherwise the trace will stop once is full. You can also don't specify DSN= and specify DEST=SYSLOG to have the OMVS trace output going to the syslog along with the SECTRACE output.
Environment
Release: TOPSEC00200-15-Top Secret-Security
Component:
Component:
Feedback
Yes
No
Powered by
