Configure Security With eTrust CA-ACF2

If you are installing the server to run with eTrust CA-ACF2 security package, you may have to apply fix number QO71149 for eTrust CA-ACF2 6.4 or QO51462 for eTrust CA-ACF2 6.5. If you are installing the server under z/OS 2.1 or higher to run with eTrust CA-ACF2 14.0, PTF RO24848 may have to be applied if server USS user IDs are to be defined using the USS default segment. For more information about these fixes, contact Computer Associates.

The MVS address space must have access to those system resources that are required by each user. eTrust CA-ACF2 will check for job-level access as well as user-level access. Therefore, the job-level user ID must have access to all data sets. For example, this can be done by setting the MAINT attribute on the eTrust CA-ACF2 record for the job-level user ID. Refer to eTrust CA-ACF2 technical reference guides for further information.

The job-level user ID of the server should have the Multiple User, Single Address Space (MUSSAS) attribute set to on. If the server is run as a started task, you must enable the started task attribute for the job-level user ID. You must also use the Reporting Server browser interface to define this user ID with OPER authority. For more information, see the ibi™ WebFOCUS® Reporting Server Administration manual.

Each user ID must be defined to eTrust CA-ACF2.

To create the necessary logon IDs and profile records, issue the following commands:

ACF
SET LID
INSERT OMVS GROUP(OMVSGRP) STC UID(0)
INSERT INETD GROUP(OMVSGRP) STC UID(0) HOME(/) OMVSPGM(/bin/sh)
INSERT TCPIP GROUP(OMVSGRP) STC UID(0)

For more information, see the following sections in the Computer Associates eTrust CA-ACF2 Security for z/OS and OS/390 Cookbook:

Defining USS Users
Superusers
HTTP Server
Installation Steps

Did you find this helpful?

Yes No