eTrust CA-Top Secret Security for z/OS and OS ... - SupportConnect
WebSphere Application Server for z/OS AND OS/390

/* =============================================================== */
/* CREATING GROUP FOR WAS ADMINISTRATORS. */
/* =============================================================== */
TSS CREATE(CBADMGP) TYPE(GROUP) NAME('WAS ADMIN GRP') DEPT(WASDEPT)
TSS ADDTO(CBADMGP) GID(2203)
/* =============================================================== */
/* CREATING GROUP FOR DEFAULT WAS USERID. */
/* =============================================================== */
TSS CREATE(CBCLGP) TYPE(GROUP) NAME('DFLT WAS USER GRP') DEPT(WASDEPT)
TSS ADDTO(CBCLGP) GID(2202)
/* =============================================================== */
/* CREATING SERVER REGION GROUP AND PROFILE FOR IVP1 SERVER. */
/* =============================================================== */
TSS CREATE(CBASR1) TYPE(GROUP) NAME('SERVR REG GRP IVP1') DEPT(WASDEPT)
TSS ADDTO(CBASR1) GID(2205)
TSS CREATE(CBASR1P) TYPE(PROF) NAME('SERVR REG GRP IVP1') DEPT(WASDEPT)
/* =============================================================== */
/* CREATING GROUP FOR IVP1 USERIDS. */
/* =============================================================== */
TSS CREATE(CBIVPGP) TYPE(GROUP) NAME('IVP1 USER GRP') DEPT(WASDEPT)
TSS ADDTO(CBIVPGP) GID(2209)
/* =============================================================== */
/* CREATING SERVER REGION GROUP AND PROFILE FOR IVP2 SERVER. */
/* =============================================================== */
TSS CREATE(CBASR2) TYPE(GROUP) NAME('SERVR REG GRP IVP2') DEPT(WASDEPT)
TSS ADDTO(CBASR2) GID(2216)
TSS CREATE(CBASR2P) TYPE(PROF) NAME('SERVR REG GRP IVP2') DEPT(WASDEPT)
/* =============================================================== */
/* CREATING GROUP FOR IVP2 USERIDS. */
/* =============================================================== */
TSS CREATE(CBIVPGP2) TYPE(GROUP) NAME('IVP2 USER GRP') DEPT(WASDEPT)
TSS ADDTO(CBIVPGP2) GID(2217)
/* =============================================================== */
/* ADDING USERS FOR WAS CONTROL REGIONS. */
/* =============================================================== */
TSS CREATE(CBDMNCR1) DFLTGRP(CBCTL1) HOME(/tmp) -
    OMVSPGM(/bin/sh) NAME('CB390 DAEMON CR') DEPT(WASDEPT) PASS(NOPW,0)
TSS ADDTO(CBDMNCR1) UID(2111)
TSS ADDTO(CBDMNCR1) FAC(STC)
TSS CREATE(CBNAMCR1) DFLTGRP(CBCTL1) HOME(/tmp) -
    OMVSPGM(/bin/sh) NAME('CB390 NAMING CR') DEPT(WASDEPT) PASS(NOPW,0)
TSS ADDTO(CBNAMCR1) UID(2113)
TSS ADDTO(CBNAMCR1) FAC(STC)
TSS CREATE(CBSYMCR1) DFLTGRP(CBCTL1) HOME(/tmp) -
    OMVSPGM(/bin/sh) NAME('CB390 SYSMGT CR') DEPT(WASDEPT) PASS(NOPW,0)
TSS ADDTO(CBSYMCR1) UID(2112)
TSS ADDTO(CBSYMCR1) FAC(STC)
TSS CREATE(CBINTCR1) DFLTGRP(CBCTL1) HOME(/tmp) -
    OMVSPGM(/bin/sh) NAME('CB390 INTFRP CR') DEPT(WASDEPT) PASS(NOPW,0)
TSS ADDTO(CBINTCR1) UID(2114)
TSS ADDTO(CBINTCR1) FAC(STC)
/* =============================================================== */
/* ADDING USERS FOR WAS SERVER REGIONS. */
/* =============================================================== */
TSS CREATE(CBNAMSR1) DFLTGRP(CBSR1) HOME(/tmp) -
    OMVSPGM(/bin/sh) NAME('CB390 NAMING SR') DEPT(WASDEPT) PASS(NOPW,0)
TSS ADDTO(CBNAMSR1) UID(2105)
TSS ADDTO(CBNAMSR1) FAC(STC)
TSS CREATE(CBSYMSR1) DFLTGRP(CBSR1) HOME(/tmp) -
    OMVSPGM(/bin/sh) NAME('CB390 SYSMGT SR') DEPT(WASDEPT) PASS(NOPW,0)
TSS ADDTO(CBSYMSR1) UID(2104)
TSS ADDTO(CBSYMSR1) FAC(STC)
TSS CREATE(CBINTSR1) DFLTGRP(CBSR1) HOME(/tmp) -
    OMVSPGM(/bin/sh) NAME('CB390 INTFRP SR') DEPT(WASDEPT) PASS(NOPW,0)
TSS ADDTO(CBINTSR1) UID(2106)
TSS ADDTO(CBINTSR1) FAC(STC)

1–44 Cookbook
/* =============================================================== */
/* ADDING USERS FOR IVP CONTROL AND SERVER REGIONS */
/* =============================================================== */
TSS CREATE(CBACRU1) DFLTGRP(CBCTL1) HOME(/tmp) -
    OMVSPGM(/bin/sh) NAME('CB390 IVP1 CR') DEPT(WASDEPT) PASS(NOPW,0)
TSS ADDTO(CBACRU1) UID(2107)
TSS ADDTO(CBACRU1) FAC(STC)
TSS CREATE(CBASRU1) DFLTGRP(CBASR1) HOME(/tmp) -
    OMVSPGM(/bin/sh) NAME('CB390 IVP1 SR') DEPT(WASDEPT) PASS(NOPW,0)
TSS ADDTO(CBASRU1) UID(2110)
TSS ADDTO(CBASRU1) FAC(STC)
/* =============================================================== */
TSS CREATE(STCRACF) DFLTGRP(SYS1) NAME('CB390 TRACE WRITER') -
    TYPE(USER) DEPT(WASDEPT) PASS(NOPW,0)
TSS ADDTO(STCRACF) FAC(STC)
/* =============================================================== */
TSS CREATE(CBACRU2) DFLTGRP(CBCTL1) HOME(/tmp) -
    OMVSPGM(/bin/sh) NAME('CB390 IVP2 CR') DEPT(WASDEPT) PASS(NOPW,0)
TSS ADDTO(CBACRU2) UID(2115)
TSS ADDTO(CBACRU2) FAC(STC)
TSS CREATE(CBASRU2) DFLTGRP(CBASR2) HOME(/tmp) -
    OMVSPGM(/bin/sh) NAME('CB390 IVP2 SR') DEPT(WASDEPT) PASS(NOPW,0)
TSS ADDTO(CBASRU2) UID(2116)
TSS ADDTO(CBASRU2) FAC(STC)
/* =============================================================== */
/* ADDING WAS ADMIN USERID. */
/* =============================================================== */
TSS CREATE(CBADMIN) DFLTGRP(CBADMGP) HOME(/tmp) -
    OMVSPGM(/bin/sh) NAME('CB390 ADMINISTRATOR') DEPT(WASDEPT) PASS(NOPW,0)
TSS ADDTO(CBADMIN) UID(2103)
TSS ADDTO(CBADMIN) FAC(STC,BATCH)
/* =============================================================== */
/* ADDING USERS TO RUN IVP1. */
/* =============================================================== */
TSS CREATE(CBIVP) DFLTGRP(CBIVPGP) TYPE(USER) HOME(/tmp) -
    OMVSPGM(/bin/sh) NAME('CB390 IVP1 USER') DEPT(WASDEPT) PASS(NOPW,0)
TSS ADDTO(CBIVP) UID(2109)
TSS ADDTO(CBIVP) FAC(STC,BATCH)
/* =============================================================== */
/* ADDING USERS TO RUN IVP2. */
/* =============================================================== */
TSS CREATE(CBIVP2) DFLTGRP(CBIVPGP2) TYPE(USER) HOME(/tmp) -
    OMVSPGM(/bin/sh) NAME('CB390 IVP2 USER') DEPT(WASDEPT) PASS(NOPW,0)
TSS ADDTO(CBIVP2) UID(2117)
TSS ADDTO(CBIVP2) FAC(STC,BATCH)
/* =============================================================== */
/* ADDING DEFAULT CB390 USERID FOR BASE SERVERS. */
/* =============================================================== */
TSS CREATE(CBGUEST) DFLTGRP(CBCLGP) TYPE(USER) HOME(/tmp) -
    OMVSPGM(/bin/sh) NAME('CB390 DEFAULT USER') DEPT(WASDEPT) PASS(NOPW,0)
TSS ADDTO(CBGUEST) UID(2102)
TSS ADDTO(CBGUEST) FAC(STC,BATCH)
/* =============================================================== */
/* CONNECTING CB ADMINISTRATOR TO THE CB CONFIGURATION GROUP. */
/* =============================================================== */
TSS ADDTO(CBADMIN) GROUP(CBCFG1)
/* =============================================================== */
/* CONNECTING USERS TO THE CB CONFIGURATION GROUP. */
/* =============================================================== */
TSS ADDTO(CBDMNCR1) GROUP(CBCFG1)
TSS ADDTO(CBNAMCR1) GROUP(CBCFG1)
TSS ADDTO(CBSYMCR1) GROUP(CBCFG1)
TSS ADDTO(CBINTCR1) GROUP(CBCFG1)
TSS ADDTO(CBNAMSR1) GROUP(CBCFG1)
TSS ADDTO(CBSYMSR1) GROUP(CBCFG1)
TSS ADDTO(CBINTSR1) GROUP(CBCFG1)

Implementing eTrust CA-Top Secret in a z/OS or OS/390 Environment 1–45