COMMLOG parameter: Difference between revisions
m (misc formatting) |
|||
(One intermediate revision by one other user not shown) | |||
Line 4: | Line 4: | ||
<dt>Default value | <dt>Default value | ||
<dd>X'00' | <dd>X'00' | ||
<dd>X'02' if an External Security Manager (ESM) is active (ACF2, RACF, or TOPSECRET) | |||
<dt>Parameter type | <dt>Parameter type | ||
<dd>System | <dd>System | ||
Line 13: | Line 14: | ||
<dd>Before <var class="product">Sirius Mods</var> 6.7 | <dd>Before <var class="product">Sirius Mods</var> 6.7 | ||
</dl> | </dl> | ||
==Description== | ==Description== | ||
This is a bitmask parameter that affects the type of login performed | This is a bitmask parameter that affects the type of login performed | ||
by daemon threads when logged in | by daemon threads when logged in by a $Comm function (<var>$Command</var>, <var>$CommndL</var>, | ||
or $ | or <var>$CommBg</var>), or by a <var>New</var> method for a <var>Daemon</var> class object. | ||
The bits in this parameter mean: | The bits in this parameter mean: | ||
Line 23: | Line 25: | ||
<dd>A login that bypasses external authorizer (RACF, ACF2, Top Secret) validation | <dd>A login that bypasses external authorizer (RACF, ACF2, Top Secret) validation | ||
is performed. | is performed. | ||
<dt>X'02' | <dt>X'02' | ||
<dd>A trusted login is performed via the external authorizer. | <dd>A trusted login is performed via the external authorizer. | ||
COMMLOG=6 activates an additional layer of processing between Model 204 and ACF2 for processing daemon logins (including $ | <dt>X'04' | ||
<dd>Activates support for daemon login improvements, if used in conjunction with the X'02' bit. | |||
<p> | |||
<code>COMMLOG=6</code> activates an additional layer of processing between Model 204 and ACF2 for processing daemon logins (including <var>$CommBg</var> and related functions). With <code>COMMLOG=6</code>, each user that performs a login passing a password gets a UUP block, which is shared with any of its daemons. </p> | |||
<dt>X'80' | <dt>X'80' | ||
<dd>If this bit is set along with the X'04' bit, any CCASNAP will include extra information relating to the caching of external authorizer information. | <dd>If this bit is set along with the X'04' bit, any CCASNAP will include extra information relating to the caching of external authorizer information. | ||
<dt>X'20' | <dt>X'20' | ||
<dd>This bit activates diagnostic processing that can be fairly expensive. | <dd>This bit activates diagnostic processing that can be fairly expensive. Set this option only if directed by Rocket technical support. | ||
</dl> | </dl> | ||
If COMMLOG is set to zero, | If <var>COMMLOG</var> is set to zero, <var class="product">Model 204</var> attempts to determine if the external | ||
authorizer (if any) supports trusted login (RACF, ACF2, and Top Secret all | authorizer (if any) supports trusted login (RACF, ACF2, and Top Secret all | ||
support trusted login): | support trusted login): | ||
<ul> | <ul> | ||
<li>If the authorizer does, | <li>If the authorizer does, <var class="product">Model 204</var> sets <var>COMMLOG</var> to X'02', then does all trusted logins via the external authorizer. </li> | ||
trusted logins via the external authorizer. | |||
<li>If the authorizer does not, the flag is set to | <li>If the authorizer does not, the flag is set to | ||
X'01', and all logins for $ | X'01', and all logins for $Comm and <var>Daemon</var> objects do not use the external | ||
authorizer. | authorizer. </li> | ||
</ul> | </ul> | ||
Line 54: | Line 60: | ||
and things that required external authorizer validation (such as sequential file | and things that required external authorizer validation (such as sequential file | ||
access) will not be correctly controlled by the external authorizer. | access) will not be correctly controlled by the external authorizer. | ||
[[Category:System parameters]] | [[Category:System parameters]] | ||
[[Category:Parameters]] | [[Category:Parameters]] |
Latest revision as of 00:06, 14 February 2017
$Command login flags
Summary
- Default value
- X'00'
- X'02' if an External Security Manager (ESM) is active (ACF2, RACF, or TOPSECRET)
- Parameter type
- System
- Where set
- User 0 CCAIN parameters
- Related products
- All
- Introduced
- Before Sirius Mods 6.7
Description
This is a bitmask parameter that affects the type of login performed by daemon threads when logged in by a $Comm function ($Command, $CommndL, or $CommBg), or by a New method for a Daemon class object.
The bits in this parameter mean:
- X'01'
- A login that bypasses external authorizer (RACF, ACF2, Top Secret) validation is performed.
- X'02'
- A trusted login is performed via the external authorizer.
- X'04'
- Activates support for daemon login improvements, if used in conjunction with the X'02' bit.
COMMLOG=6
activates an additional layer of processing between Model 204 and ACF2 for processing daemon logins (including $CommBg and related functions). WithCOMMLOG=6
, each user that performs a login passing a password gets a UUP block, which is shared with any of its daemons. - X'80'
- If this bit is set along with the X'04' bit, any CCASNAP will include extra information relating to the caching of external authorizer information.
- X'20'
- This bit activates diagnostic processing that can be fairly expensive. Set this option only if directed by Rocket technical support.
If COMMLOG is set to zero, Model 204 attempts to determine if the external authorizer (if any) supports trusted login (RACF, ACF2, and Top Secret all support trusted login):
- If the authorizer does, Model 204 sets COMMLOG to X'02', then does all trusted logins via the external authorizer.
- If the authorizer does not, the flag is set to X'01', and all logins for $Comm and Daemon objects do not use the external authorizer.
Generally, this parameter should be left as 0, though it might make sense to set it to X'01' for efficiency — there is considerable overhead in an external authorizer login, even a trusted one.
The downside of setting this parameter to X'01' is that no external authorizer logging will be performed for the daemon login (this might be viewed as a benefit), and things that required external authorizer validation (such as sequential file access) will not be correctly controlled by the external authorizer.