Important AUTOLOG and XAUTOLOG Information

Protecting Special Resources › AUTOLOG or XAUTOLOG Validation › Important AUTOLOG and XAUTOLOG Information

Important AUTOLOG and XAUTOLOG Information

Read the following important information about VM AUTOLOG or XAUTOLOG support through CA ACF2 for VM:

Standard CA ACF2 for VM command limiting rules apply for AUTOLOG and XAUTOLOG. They include:
- The LIMIT field of the CMDLIM VMO record that specifies the commands CA ACF2 for VM validates.
- Command limiting rules that allow, log, or prevent command access attempts.
- The MODE field of the CMDLIM VMO record that specifies the mode for command limiting validation.
Information for creating AUTOLOG resource rules includes:
- The AUTOLOG field of the RESCLASS VMO record defines the typecode required for autolog resource rule validation. The default specification is AUTOLOG (ALG), implementing the typecode ALG and implies AUTOLOG or XAUTOLOG commands. You can modify this value.
- By default, you can implement resource name masking for AUTOLOG resource rules. Masking lets you use asterisks (*) as $KEY masking characters, but not the dash (-). The TYPES field of the RESTYPE VMO record lets you mask the target machines in the $KEY.
- Specifying a resource rule's type code in the TYPES field of the RESTYPE VMO record makes the resource rule directory resident for the rule set's type code. This helps improve system performance.
- CA ACF2 for VM ignores the SERVICE and VERIFY keywords in AUTOLOG resource rules.
- Normal source and shift controls apply to the validation process for AUTOLOG resource rules.
Password suppression is a CA ACF2 for VM option with the AUTOLOG and XAUTOLOG commands on VM systems. The PSWDSUP operand of the VMXAOPTS macro in HCPAC0 defines password suppression. When
CA ACF2 for VM requires a password during AUTOLOG and XAUTOLOG validation, there are two possible reasons for entering your password, as the PSWDSUP option dictates:
- PSWDSUP=YES specifies that password suppression is turned on. This is the default. CA ACF2 for VM rejects any password you enter in clear text with the PASSWORD operand. You cannot enter the password on the command line for AUTOLOG. You must wait for the prompt.
  For XAUTOLOG, you must specify the XAUTOLOG PROMPT option so you can enter the password following the prompt. CA ACF2 for VM automatically suppresses the password display.
- PSWDSUP=NO specifies password suppression is turned off. You can enter the password in clear text with the XAUTOLOG PASSWORD option only if you issued the following class B command for the system since the last IPL.
CA ACF2 for VM validates data and resource access for a machine that is successfully autologged (the target) against it and not the user who issued the autolog (the initiator).
CA ACF2 for VM validates data and resource access for a group machine that is successfully autologged (the target) not the user who issued the autolog (the initiator). The initiator is identifiable in the reports corresponding with how CA ACF2 for VM generates reports for group virtual machines.