Re: How to configure using PDS members in JCL.

Thanks for all the suggestions. The best one ( thank you Charles) is //IBMUSERT JOB 1,MSGCLASS=H // JCLLIB ORDER=COLIN.MFA.JCL2 // EXPORT SYMLIST=(*) // SET OWNER='IBMUSER' // SET ADMIN='IBMUSER' // SET TOKEN='MFATOKEN' // SET STC='START1' // SET USERID='CERTID' //S1 EXEC PGM=IKJEFT01,REGIO

Re: Encryption and DB2 (Cross Posted)

To Tom Longfellow, thank you for your knowledge and humor. The only other question I have is about EKMF if anyone is using it. And YES we are doing Pervasive Encryption. Regards, Steve -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behal

Direct branch entry to ICSF routines

I have been looking but I have not yet found the explicit doc that shows how to call ICSF routines via the CSFCCVT. Looking at a few of the stub routines I see that they create a linkage stack entry and then call the real routine via CSFCCVT but the labels in the CSFCCVT are not obviously related

Re: What is the PDS command?

Admittedly the initial VSAM had warts, but the first cut at ICF was so bad that IBM had to withdraw it. I never understood the intent behind the 3850; why only 3330V and not, e.g., 3350V, 3375V? -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 עַם יִשְׂרָאֵל חַי נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א

NFS Export of Data Set File System

Can /dsfs and the directories under it be NFS exported such that Windows/Linux clients can connect to it and then directly read/write z/OS datasets? Mark Jacobs Sent from [ProtonMail](https://protonmail.com), Swiss-based encrypted email. GPG Public Key - https://api.protonmail.ch/pks/lookup?op

Re: NFS Export of Data Set File System

Something called OverlayFS was recently added to zOS. So in theory, top-level overlayfs --> NFS mount in zOS --> DSFS underneath (serving some paths/directories for the overlayFS) ... this sounds possible? On Wednesday, January 10th, 2024 at 20:07, Mark Jacobs <0224d287a4b1-dmarc-requ..

Re: How to configure using PDS members in JCL.

On Wed, 10 Jan 2024 11:41:16 +, Colin Paice wrote: >Thanks for all the suggestions. The best one ( thank you Charles) is [ I'm editint -- gil ] >... >// EXPORT SYMLIST=(*) >// SET USERID='CERTID' >... >//SYSTSIN DD *,SYMBOLS=(JCLONLY) >// INCLUDE MEMBER=LU > >Where member LU is > >

Re: NFS Export of Data Set File System

Do you mean the Union File System? Mark Jacobs Sent from ProtonMail, Swiss-based encrypted email. GPG Public Key - https://api.protonmail.ch/pks/lookup?op=get&search=markjac...@protonmail.com On Wednesday, January 10th, 2024 at 9:42 AM, kekronbekron <02dee3fcae33-dmarc-requ...@listserv.

Re: NFS Export of Data Set File System

Ah yes sorry. Although what I said sounds "interesting", thinking about it a bit more, I don't think what I said below is possible. User has to interact with the unionfs and the "root" of it has to be NFS (for reachability over network). But, I don't think NFS allows its sub-tree or whatever to

Re: NFS Export of Data Set File System

On Wed, 10 Jan 2024 14:37:22 +, Mark Jacobs wrote: >Can /dsfs and the directories under it be NFS exported such that Windows/Linux >clients can connect to it and then directly read/write z/OS datasets? > What are you looking for beyond:

Re: NFS Export of Data Set File System

There is no users guide but there is an admin guide at https://www.ibm.com/docs/en/zos/3.1.0?topic=administration-dsfs-guide Lionel B. Dyck <>< Github: https://github.com/lbdyck “Worry more about your character than your reputation. Character is what you are, reputation merely what others thin

Re: NFS Export of Data Set File System

But, if you're willing to pay, this can do it - https://virtualzcomputing.com/ On Wednesday, January 10th, 2024 at 20:36, Paul Gilmartin <042bfe9c879d-dmarc-requ...@listserv.ua.edu> wrote: > On Wed, 10 Jan 2024 14:37:22 +, Mark Jacobs wrote: > > > Can /dsfs and the directories under i

Traversing The Linkage Stack

Hi I am using a share PDF as a guide "Dul Address Space & Linkage Stack" as guide to looking thru a WU Linkage Stack In the case of a TCB I believe the current is pointed to by STCBLSDP This is I understand it points to the header of which there four different types each of X'128' bytes in Leng

Re: NFS Export of Data Set File System

On Wed, 10 Jan 2024 09:12:29 -0600, Lionel B. Dyck wrote: >There is no users guide ... > Has IBM not noticed the lack? >... but there is an admin guide at > https://www.ibm.com/docs/en/zos/3.1.0?topic=administration-dsfs-guide > That's for admins. But if there are differences between DSFS

Re: NFS Export of Data Set File System

Not to argue - they should have a User's Guide but they don't. The key with dsfs is that once you understand the /dsfs/type (txt/bin/rec/sysout) that is it no different than using any other file in a filesystem. Lionel B. Dyck <>< Github: https://github.com/lbdyck “Worry more about your chara

Re: NFS Export of Data Set File System

On Wed, 10 Jan 2024 10:02:54 -0600, Lionel B. Dyck wrote: >Not to argue - they should have a User's Guide but they don't. The key with >dsfs is that once you understand the /dsfs/type (txt/bin/rec/sysout) that is >it no different than using any other file in a filesystem. > Case sensitivity? D

Re: SSH tunneling for unattended process.

Jon, I don't think you answered my question. If on your client you set up a TN3270 tunnel with: ssh -L 623:127.0.0.1:623 zoshost and then connect your tn3270 client to port localhost:623 and login How EXACTLY is your userid and password exposed? Kirk Wolf Dovetailed Technologies http:/

Re: Traversing The Linkage Stack

I'm pretty sure that nothing about the way MVS works with the Linkage Stack is a programming interface. How old is that presentation you are using? The Linkage Stack changed significantly with z/Architecture. The definitive documentation is the Principles of Operation. If you want to learn abo

Re: Traversing The Linkage Stack

It’s 2012 Thanks > On Jan 10, 2024, at 2:45 PM, Tom Marchant > <000a2a8c2020-dmarc-requ...@listserv.ua.edu> wrote: > > I'm pretty sure that nothing about the way MVS works with the Linkage Stack > is a programming interface. > > How old is that presentation you are using? The Linkage S

IBM Security Portal

I know how to navigate to IBM's Security Portal and pull down the security hold data. My question pertains to where does one get the security related PTFs and APARs. In other words, do the security related PTFs and APARs have to be pulled down from another site, as opposed to the site where one p

Re: IBM Security Portal

On 1/10/2024 12:03 PM, rpinion865 wrote: I know how to navigate to IBM's Security Portal and pull down the security hold data. My question pertains to where does one get the security related PTFs and APARs. In other words, do the security related PTFs and APARs have to be pulled down from anoth

Re: IBM Security Portal

Classification: Confidential This is a severely manual process. The PTFS/APARS can be determined from the HOLDDATA. The PTFs are individually orderable via ShopZ (just like any other PTF). The only difference is that the PTF/APAR information is only available in the HOLDDATA. HTH, -Origin

Re: IBM Security Portal

Which begs the next question. Would security related PTFs make their way into normal RSUs, or must they be ordered separately as per the holddata? Sent with Proton Mail secure email. On Wednesday, January 10th, 2024 at 3:14 PM, Allan Staller <0387911dea17-dmarc-requ...@listserv.ua.edu>

Re: IBM Security Portal

The reason the HOLDDATA is separated from regular PTF/APARs is that the holddata stores information of type SECINT. SECINT has structured information much like the CVE/NDV. For some reasons, IBM does not disclose such information in public (but does so for IBM I). There is a way to identify such P

Re: IBM Security Portal

No, security PTFs are part of regular PTF feed. Of course RSU is a subset, but IMHO most of the security PTFs belong to RSU. BTW: you can order all PTFs for you installation, not only RSU. Or take another criteria. RSU does not contain PTFs related to new hardware, etc. -- Radoslaw Skorupka Lo

ChangeMan ZFS and CSSMTP to send email notifications

What must you change in ChangeMan ZFS to get it to use CSSMTP to send out its email notifications? I know about the sample skeleton CNM$$ENT, which mentions using sample ENOTIFY2, but it lacks details about how to use it with CSSMTP. Regards, Mark Regan, K8MTR General, EN80tg CTO1 USNR-Retired (1

Re: ChangeMan ZFS and CSSMTP to send email notifications

My first question to you is your Changeman current on it maintenance? Steve -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Mark Regan Sent: Wednesday, January 10, 2024 2:34 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: ChangeMan ZFS a

Re: IBM Security Portal

Classification: Confidential They will eventually go into the RSU. I usually make a point of researching installing all applicable secant ptf's available at the time the holddata was pulled. . I have (as of this time) never seen a PE against a secant PTF. YMMV, -Original Message- From

Re: IBM Security Portal

Yes. They make their way into normal RSUs just like all other recommended PTFs. Without access to the security portal they won't be identified as SECINT PTFs though. Mark Jacobs Sent from ProtonMail, Swiss-based encrypted email. GPG Public Key - https://api.protonmail.ch/pks/lookup?op=get&sea

Re: IBM Security Portal

Mark, there is a way to identify such PTFs without access to the holddata, but the CVE information is not accessible. ITschak Mugzach *|** IronSphere Platform* *|* *Information Security Continuous Monitoring for z/OS, x/Linux & IBM I **| z/VM coming soon * On Wed, Jan 10, 2024 at 10:43 PM Mar

Re: IBM Security Portal

Thank you everyone for your very helpful replies! Sent with Proton Mail secure email. On Wednesday, January 10th, 2024 at 3:43 PM, Mark Jacobs <0224d287a4b1-dmarc-requ...@listserv.ua.edu> wrote: > Yes. They make their way into normal RSUs just like all other recommended > PTFs. Without

Re: ChangeMan ZFS and CSSMTP to send email notifications

Steve, We are on v8.2, Patch 5. Regards, Mark Regan, K8MTR General, EN80tg CTO1 USNR-Retired (1969-1991), RUENAAA/CNO WASHINGTON DC//OP-009QCP (CNO SPINTCOMM, 1976-1979) Nationwide Insurance, Retired (1986-2017), z/OS Network Infrastructure Engineering Consultant Email: marktre...@gmail.com

Re: LE C growing heap issue

Attila, Thanks for that pointer, when we changed KEEP to FREE (well not all, but this one) our heap memory issues went away. Now my real question is why didn't the Heap Segments get reused. Since our high water memory reached a much lower mark after the change, it appears our application was n

Re: IBM Security Portal

Not easily. Sometimes in the MCS the APAR description might say Integrity APAR, or when you search for information on the APAR on Service Link it won't be found. That's a flag to me that it's an integrity/security APAR. Mark Jacobs Sent from ProtonMail, Swiss-based encrypted email. GPG Public

Racf Userid

Hello, I have a userid abc that was last access in racf on 1/7/24 at 5:06 a.m. Is there a report or something that will tell me who (batch job, script, etc..) is using this userid? Thanks Shelia Chalk Mainframe System Programmer sch...@ssfcu.org == This email, and any

Question on SSRV entries in system trace table

Anyone, The doc on SSRV trace table entries in the "z/OS MVS Diagnosis: Tools and Service Aids" pub says this: PSW- ADDRESS-return--: o For PC/AUTH, supervisor control, and task management: Caller's return address if the service was entered by a branch; 0 if the service was entered by a PC i

Re: Racf Userid

SMF type 80 records. On Thu, Jan 11, 2024 at 8:38 AM Chalk, Shelia wrote: > Hello, > > I have a userid abc that was last access in racf on 1/7/24 at 5:06 a.m. > Is there a report or something that will tell me who (batch job, script, > etc..) is using this userid? > > Thanks > Shelia Chalk > Mai

Re: Racf Userid

documented here: https://www.ibm.com/docs/en/zos/2.3.0?topic=records-record-type-80-racf-processing-record On Thu, Jan 11, 2024 at 11:21 AM Wayne Bickerdike wrote: > SMF type 80 records. > > On Thu, Jan 11, 2024 at 8:38 AM Chalk, Shelia wrote: > >> Hello, >> >> I have a userid abc that was l

Re: SSH tunneling for unattended process.

On Wed, 10 Jan 2024 11:37:11 -0600, Kirk Wolf wrote: > ssh -L 623:127.0.0.1:623 zoshost >How EXACTLY is your userid and password exposed? You example ignores using a script to automate SSH login. There are various implementations. e.g.sshpass -p !4u2tryhack ssh usern...@host.example.com Eve

Re: How to configure using PDS members in JCL.

On Wed, 10 Jan 2024 08:47:38 -0600, Paul Gilmartin wrote: >On Wed, 10 Jan 2024 11:41:16 +, Colin Paice wrote: > >>I think all products should use this technique, instead of asking users to >>make the same changes to multiple files as part of configuration. >> >It's regrettable that there's no

Re: SSH tunneling for unattended process.

Passing secret material in the command line for long-running and daemon processes is never a good idea [; "The sshpass utility is designed to run SSH using the keyboard-interactive password authentication mode, but in a non-interactive way." - recommended approach is to use key authentication inst

Re: SSH tunneling for unattended process.

On Thu, 11 Jan 2024 13:03:07 +1100, Filip Palian wrote: >Passing secret material in the command line for long-running and daemon >processes is never a good idea [; I'm not condoning this an as you say, this isn't a good idea but my point was it's a common practice in the UNIX and Windows enviro

Re: Question on SSRV entries in system trace table

We don't want to waste the time and space. The caller information is in the preceding PC trace entry. Jim Mulder -Original Message- From: IBM Mainframe Discussion List On Behalf Of Mike Shaw Sent: Wednesday, January 10, 2024 5:39 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Question on