Re: How is an SRB invoked?

The SRB is added to a queue and the dispatcher treats an SRB as being higher priority than any TCB in the address space. --  Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 עַם יִשְׂרָאֵל חַי נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר From: IBM Mainframe

Re: Heh, "Sabre is Getting Off the Mainframe-One Way or Another"

On Mon, 25 Nov 2024 10:26:58 -0500, Phil Smith III wrote: >Sabre is Getting Off the Mainframe-One Way or Another >https://planetmainframe.com/2023/06/sabre-is-getting-off-the-mainframe-one-way-or-another/ > >"No, really, we mean it this time." > >And this is almost 18 months old; I can't remembe

Re: NYDFS Cybersecurity 500.7(c)(2) blocking common passwords

You can use the exit routine (ICHPWX11) to lookup the password in a dataset and reject if the password is found. https://www.ibm.com/docs/en/zos/2.4.0?topic=exits-new-password-phrase-exit-ichpwx11 Joe On Tue, Nov 26, 2024 at 11:25 AM Grace Godfrey < 072e3a8a3050-dmarc-requ...@listserv.ua.edu

Re: NYDFS Cybersecurity 500.7(c)(2) blocking common passwords

I wrote an ICHPWX01 exit years ago, and is on CBT here File # 728 ICHPWX01 - RACF Password Quality Exit - Dave Jousma. I wouldn’t read a dataset though, just define the list in the exit. The exit is pretty old, there may be better methods now. Dave

How is an SRB invoked?

SCHEDULE and IEAMSCHD (recommended) services create an SRB, but how is the SRB called? The SRB is not invoked by IEAMSCHD. Or is it? Here's a scenario: STORAGE OBTAIN (in csa) LOAD srb program (directed load) into csa storage IEAMSCHD the SRB OK - then what? The SRB is not executed. The addre

Re: How is an SRB invoked?

Richard, you cannot 'call' an SRB routine, it would simply execute the code under your TCB. Establishing the SRB makes the Control Program invoke it with the designated parameter list. Insert a DC X'' to validate that the SRB routine abends S0C1. You'll have to check SYS1.LOGREC if I remembe

Re: How is an SRB invoked?

On Tue, 26 Nov 2024 20:18:49 + Richard Zierdt wrote: :>SCHEDULE and IEAMSCHD (recommended) services create an SRB, but how is the SRB called? :>The SRB is not invoked by IEAMSCHD. Or is it? The control blocks are built and placed on the appropriate dispatcher queue. :>Here's a scenario: :

Re: SDSF and RACF/SAF w z/OS 2.5

Bear in mind that in today's environment a simple ( 3 line ? ) 3270 emulator macro can get around any SDSF auto update restriction. Rob Scott Rocket Software Sent from Samsung Mobile on O2 Sent from Outlook for Android From: IBM Mainframe

NYDFS Cybersecurity 500.7(c)(2) blocking common passwords

Hi, I'm hoping to tap the vast knowledge here on IBM-Main. We're under NYDFS Cybersecurity regulations and I'm looking at 500.7(c)(2) (c) Each class A company shall monitor privileged access activity and shall implement: (1) a privileged access management solution; and (2) an auto

Re: NYDFS Cybersecurity 500.7(c)(2) blocking common passwords

Hi Grace, Please see: https://www.ibm.com/docs/en/zos/2.4.0?topic=ichpwx11-coded-example-exit-routine Regads, David From: IBM Mainframe Discussion List on behalf of Grace Godfrey <072e3a8a3050-dmarc-requ...@listserv.ua.edu> Sent: November 26, 2024 12:25 PM T

Re: NYDFS Cybersecurity 500.7(c)(2) blocking common passwords

ICHPWX11 changes from passwords to passphrases with a 100-character limit. Joe On Tue, Nov 26, 2024 at 1:08 PM Jousma, David < 01a0403c5dc1-dmarc-requ...@listserv.ua.edu> wrote: > I wrote an ICHPWX01 exit years ago, and is on CBT here File # 728 ICHPWX01 > - RACF Password Quality Exit - Dave

Re: NYDFS Cybersecurity 500.7(c)(2) blocking common passwords

Thank you David, Joe, and David for the referrals. I'm reading them now. SYS1.SAMPLIB(IRRPHREX) says error 10 will occur if a forbidden word is in a password phrase value. Do you know, does the forbidden word checking happens on passwords also? Or only password phrases? Going to the CB

Re: NYDFS Cybersecurity 500.7(c)(2) blocking common passwords

So best practice now is to use passphrases. Joe On Tue, Nov 26, 2024 at 1:20 PM Grace Godfrey < 072e3a8a3050-dmarc-requ...@listserv.ua.edu> wrote: > Thank you David, Joe, and David for the referrals. I'm reading them now. > > SYS1.SAMPLIB(IRRPHREX) says error 10 will occur if a forbidden wo

Re: What happens to ALETs when an address space goes away?

Thanks. On Tue, 26 Nov 2024 06:38:07 + Jim Mulder wrote: :> z/OS does not do anything to the Access List Entry. It is up to the program that added it to delete it when it wants to. :> A reference after address space A terminates will initially result in an ASTE-validity exception (Prog

Re: SDSF and RACF/SAF w z/OS 2.5

SDSF 2.5+ will use SAF instead of internal (ISFPRMxx / ISFPARMS) security. There is a recent presentation on how SDSF 2.5 security works with SAF in the IBM Education GitHub : github.com/IBM/IBM-Z-zOS/tree/main/zOS-Education/ If you have migrated from non-SAF to SAF security, there is quite a l

Re: Link list info

CVTLINK contains the address of the DCB for the IPL-time LNKLST set. DLCBDCB@ within the DLCB located by ASSBDLCB contains the address of the DCB for the LNKLST set associated with this address space. But both accomplish the same thing because the DCB address in CVTLINK (even though physically m

Re: SDSF and RACF/SAF w z/OS 2.5

Thanks Rob, What tipped them off was the AUPDT parm. Previously, they had a parmlib setting of 10, so that you could not set an auto update (refresh) of an SDSF screen to move frequently than 10 seconds. After they could. I told them there likely were a lot more to look at. Not my shop, but I may

Re: Link list info

Thanks Peter Didn’t know every address space has its own link list thought there was one for the entire system Thank you > On Nov 26, 2024, at 7:55 AM, Peter Relson wrote: > > CVTLINK contains the address of the DCB for the IPL-time LNKLST set. > DLCBDCB@ within the DLCB located by ASSBD