Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Bypassing RACF initialization processing z/OS Security Server RACF System Programmer's Guide SA23-2287-00 |
|
If you want to make RACF® inactive, you can bypass RACF initialization processing during IPL by setting bit 0 of byte 0 on in module ICHSECOP. You can use this option as part of the procedure for bypassing RACF functions any time after the installation of RACF is complete. This option (setting bit 0 on) makes RACF inactive until you turn bit 0 off and re-IPL. If this option is in effect (and RACF is inactive), you cannot use the RVARY command to make RACF active. When this option is used, RACF does not verify a user's identity during TSO logon, IMS/VS or CICS/VS sign-on, or job-initiation processing. If a JOB statement contains the USER, GROUP, and PASSWORD parameters, the system ignores them. TSO/E reverts to UADS user identification and verification. Also, RACF commands cannot be issued. If a user accesses a RACF-protected resource, the RACROUTE REQUEST=AUTH
is still issued. If you are using any RACF-protected resources on
your system, do the following:
The RACROUTE REQUEST=DEFINE is not issued by any RACF-related code in the system components unless failsoft processing allows the data set access and that data set is extended to a new volume. If you have written any modules using the RACROUTE REQUEST=DEFINE macro instruction, the failsoft processing in RACROUTE REQUEST=DEFINE gains control and issues messages to the system operator. The RACROUTE REQUEST=DEFINE failsoft processing also handles a job that has the PROTECT parameter specified on a DD statement. Note that RACROUTE REQUEST=DEFINE failsoft processing issues a message and continues normal processing without issuing an abend. |
Copyright IBM Corporation 1990, 2014
|