Using CA-ACF2
Before you install the CA-ACF2 interface, make sure -THILEV-.SKLSLOAD, and, if allocated, -RHILEV-.RLSLOAD are APF-authorized. (For more information on APF authorization, see IBM's SPL: Initialization and Tuning manual.)
To install an exit for ACF2 security validation, follow these steps.
- If KLS@ASM is not already in -RHILEV-.RLSSAMP, copy -THILEV-.SKLSSAMP(KLS@ASM) into -RHILEV-.RLSSAMP.
- Member KLSA2NEV of -THILEV-.SKLSSAMP is the CL/SuperSession interface
to ACF2.
Assemble and link KLSA2NEV with AC=1 into the -RHILEV-.RLSLOAD library. Member KLS@ASM of -RHILEV-.RLSSAMP contains assembly JCL that you can modify according to instructions in the member.
- Because CL/SuperSession uses a multiuser system access control
point, it has all the characteristics of an ACF2 Multiple User Single
Address Space System (MUSASS). That is, system access validations
are initiated and enforced by the address space on behalf of the network
user.
Define the CL/SuperSession started task as a MUSASS to ACF2.
- At the READY prompt, type
ACFand press Enter. - At the ACF prompt, type
SET LIDand press Enter. - At the LID prompt, type
CH klk MUSASS(where -RHILEV- is the name of the CL/SuperSession started task) and press Enter. - At the LID prompt, type
ENDand press Enter.
- At the READY prompt, type
- Change member KLKINNAM in -RHILEV-.RLSPARM.
- Add the EXIT=KLSA2NEV parameter. For example:
DEFAULT DSNAME(...) EXIT=KLSA2NEV - Change DB to NODB.
- Add the EXIT=KLSA2NEV parameter. For example:
The member should look like this when you finish:
DEFAULT DSNAME(-RHILEV-.RLSNAM) -
EXIT=KLSA2NEV -
NORACF -
NODB Restart CL/SuperSession to initialize the change.
Note: You may need to change the current value assigned to the RESERVE parameter in
-RHILEV-.RLSPARM(KLSSYSIN). For more information on the RESERVE parameter, see the IBM CL/SuperSession for z/OS 3.1
Customization Guide.