The ACFLIDGN utility is a conversion aid that generates a logonid record for each user in the VM directory. New installations should use this procedure since users without logonid records cannot log onto a system with CA ACF2 for z/VM installed.
Be sure you defined the filename for the Logonid database in the @DDSN macro of the ACFFDR.
Execute ACFLIDGN before you IPL the CA ACF2 for z/VM CP nucleus; that is, the CA ACF2 for z/VM databases must be ready before you IPL with CA ACF2 for z/VM active. ACFLIDGN scans the VM directory for user statements that define the individual users (virtual machines). ACFDCVT then merges the user ID and an encrypted form of the password into a copy of the model (prototype) record to generate a LIDREC. It issues messages for each user ID processed.
You cannot run ACFLIDGN while CA ACF2 for z/VM is active and using the database. To execute this utility
ACFLIDGN
ACFLIDGN displays a series of questions while it is executing. Answer each question appropriately.
One of the questions you must answer is:
Should user IDs already present in the Logonid database be replaced? The model logonid is also replaced if present in the directory allowing for convenient password update. Reply 'no' or 'yes'. No is the default.
This option facilitates EXEC reruns after you make a large number of directory additions.
After directory processing completes, ACFLIDGN prompts you to supply additional logonids and passwords for the LIDRECs to generate. You can specify the model. This feature creates limited numbers of security administrators, auditors, and account managers after processing the bulk of general users.
The prompt for additional logonids is:
Specify the logonid name that is to be used as a model. The default is genuser, which is supplied as a non-CA ACF2 for z/VM authorized ID.
ACFLIDGN does not generate a CA ACF2 for z/VM logonid for user IDs that have a password of NOLOG.
Check the logonids you just created to personalize each one. Some users might need special privileges or limited access. You need to address each logonid on a case‑by‑case basis to be sure the user has the necessary authorization to perform his job.
ACFDCVT issues the following messages to track all Logonid database processing performed during the VM directory conversion. The prompts that ACFLIDGN issues are not described since they are self‑explanatory.
ACFLIDGN created a new logonid record for the indicated user.
ACFLIDGN replaced a previous logonid record for the indicated user.
The logonid record created for this user duplicates a previous logonid record. ACFLIDGN ignored the logonid record. Execution continues.
ACFLIDGN could not encrypt the password contained in the directory for this user. It did not create a logonid. Execution continues.
An I/O processing error occurred during an attempt to write the LIDREC for the indicated user. One possible cause is a full minidisk. Execution continues.
ACFLIDGN could not find the model logonid in the Logonid database. Execution stops.
For additional information about these and other messages, see the Message Guide.
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|