List of attachments

| Kind | Attachment Name | Size | Version | Date Modified | Author | Change note |
|---|---|---|---|---|---|---|
| jar | racfloginmodule.jar | 20.4 kB | 1 | 18-Feb-2009 07:44 | Harry Metske | properly handle return/reason codes |
| jar | racfrealm.jar | 15.6 kB | 1 | 17-Feb-2009 07:38 | Harry Metske | a new version that uses JUL instead of commons-logging |

This page (revision-10) was last changed on 06-May-2013 21:54 by Harry Metske  

This page was created on 11-Feb-2009 08:55 by Harry Metske

Difference between version and

At line 163 changed one line
* drop the attached [racfloginmodule|racfloginmodule.jar] in tomcat's lib directory
* drop the attached [racfloginmodule| racfloginmodule.jar] in tomcat's lib directory
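Review bot: the two versions of the line at 163 differ only by a space after the `|` in `[racfloginmodule| racfloginmodule.jar]`, which makes the link target no longer match the attachment name character for character. Unless the space is needed for the link to render, keep the form without it so the target reads exactly `racfloginmodule.jar`, the name shown in the attachment list.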
At line 214 added 52 lines
! MVS Program Control
To validate a userid/password you have to call an MVS authorized function (RACINIT).
\\For this to succeed, the environment must be "program controlled", see the chapter on the __BPX.DAEMON FACILITY__ inthe __UNIX System Services Planning__ guide :
{{{
If the BPX.DAEMON resource in the FACILITY class is defined, your system has z/OS UNIX security.
Your system can exercise more control over your superusers.
}}}
\\If you have chosen for this security level, the following must be set up in advance :
* all loadlibraries from which modules get loaded in the address space must be RACF PADS protected
* all dll's loaded from the file system must have their program control bit on (use shellcmd ''extattr +p blabla.so'')
* all filesystems that have dll's that are loaded must be mounted with the setuid attibute (''mount -s setuid ...''), this the default BTW
* the userid that runs the wiki must have a READ permit on the FACILITY class BPX.DAEMON
If you fail one of these requirements, check the MVS SYSLOG for the following possible symptoms :
{{{
ICH420I PROGRAM CELHV003 FROM LIBRARY CEE.SCEERUN2 CAUSED THE ENVIRONMENT TO BECOME UNCONTROLLED.
}}}
{{{
BPXP014I ENVIRONMENT MUST BE CONTROLLED FOR DAEMON (BPX.DAEMON) PROCESSING.
}}}
{{{
BPXP015I HFS PROGRAM /A0/usr/lpp/java/J6.0_64/lib/s390x/libwrappers.so
IS NOT MARKED PROGRAM CONTROLLED.
BPXP014I ENVIRONMENT MUST BE CONTROLLED FOR DAEMON (BPX.DAEMON)
PROCESSING.
}}}
You can check with the following :
* use ''ls -E'' , the "p" (program control) must be present in the mode bits
{{{
metskem@xat1:/usr/lpp/java/J6.0_64>ls -E ./bin/j9vm/libjvm.so
-rwxr-xr-x aps- 1 $$BPXRT OMVS 225280 Nov 8 06:21 ./bin/j9vm/libjvm.so
}}}
* use df -v to check the mount attributes (the second display shows the __no SUID__):
{{{
metskem@xat1:/usr/lpp/java/J6.0_64>df -v .
Mounted on Filesystem Avail/Total Files Status
/A0/usr/lpp/java/J6.0_64 (SYS8.OMVS.JAVA16.A0) 11216/868320 4294962897 Available
HFS, Read Only, Device:14437, ACLS=Y
File System Owner : XAT1 Automove=Y Client=N
Filetag : T=off codeset=0
metskem@xat1:/usr/lpp/java/J6.0_64>df -v /var/tomcat00/
Mounted on Filesystem Avail/Total Files Status
/XAT1/var/tomcat00 (SYSTEM.XAT1.HFS.VAR.TOMCAT00) 736312/1792800 4294966301 Available
HFS, Read/Write, Device:14533, ACLS=Y, No SUID
File System Owner : XAT1 Automove=U Client=N
Filetag : T=off codeset=0
}}}
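Review bot: the `df -v` bullet at the end of the added block says the second display shows No SUID but never states that this is the failing case or what to do about it. The requirements list earlier in the same block says file systems holding loaded DLLs must be mounted with setuid, so add a sentence saying that a file system reported as `No SUID` (here /XAT1/var/tomcat00) has to be remounted with `mount -s setuid ...` if DLLs are loaded from it. In the `ls -E` check, say which character of `aps-` is the program-control bit, and replace the `blabla.so` placeholder in the `extattr +p` bullet with a clearly marked example path. The block also has typos to fix before merging: "inthe", "attibute", "this the default" and "If you have chosen for this security level".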
| Version | Date Modified | Size | Author | Change note |
|---|---|---|---|---|
| 10 | 06-May-2013 21:54 | 11.905 kB | Harry Metske | restored previous version |
| 9 | 11-Jul-2012 16:26 | 11.905 kB | 217.111.83.124 | |
| 8 | 27-Oct-2009 22:45 | 11.905 kB | Harry Metske | few corrections / enhancements |
| 7 | 15-Apr-2009 19:00 | 11.826 kB | Harry Metske | use CATALINA_OPTS instead of JAVA_OPTS (is used only with startup) |
| 6 | 28-Feb-2009 17:16 | 11.896 kB | Harry Metske | com.ibm.security.auth.module.OS390LoginModule |
| 5 | 18-Feb-2009 08:12 | 11.561 kB | Harry Metske | typo |
| 4 | 18-Feb-2009 08:12 | 11.56 kB | Harry Metske | additional instructions for program control |
| 3 | 13-Feb-2009 11:33 | 8.916 kB | Harry Metske | |
| 2 | 11-Feb-2009 09:08 | 8.727 kB | Harry Metske | added ejbrole instructions |
| 1 | 11-Feb-2009 08:55 | 8.424 kB | Harry Metske | |