

Step 1: Merge VM Directory into the Logonid Database

The ACFLIDGN utility is a conversion aid that generates a logonid record for each user in the VM directory. We recommend you use this procedure because users without logonid records cannot log onto a system with CA ACF2 for z/VM installed. Be aware, however, that incorrect input can lead to CA ACF2 for z/VM granting every logonid in your system SECURITY or some other CA ACF2 for z/VM privilege. Another possible outcome of incorrect input is that all logonids could have only the JOB and VM privileges. We strongly recommend you use the default values when you run the ACFLIDGN utility.

Sites that are using VSAM shared CA ACF2 for z/VM databases must use the ACF2VSAM utility. See the Report and Utilities Guide for information about this utility.

Step 1 is starting. Merge the VM directory into the Logonid database. Enter SKIP to bypass merging the CMS directory. Enter GO to continue or ? for more information.

If you respond to this question with ?, you see the following information:

?

Step 1 merges the current VM directory into the Logonid database. If you are using your current databases as they are, reply COMPLETE to this prompt. New users should reply GO.

This step performs the following functions:

A. Lets you generate logonid records from the VM directory. If you reply NO, go to step G. If you reply YES, you need read/write access to the logonid database minidisk.
B. Prompts for the directory filename, filetype, and filemode.
C. Asks if the directory is in DirMaint cluster/dirmpart format. If it is, prompts you for the filemode of the minidisk where the cluster/dirmpart files reside.
D. Prompts you for the logonid name you are using as a model.
E. Asks if you want to replace the user IDs already present in the Logonid database.
F. Asks if you want to clear the ZERO=YES field during the merge. If you reply YES, the sensitive data is not copied.
G. Lets you add or replace a specific logonid record.

Replies and their meanings are:

GO (or a null line) to continue with the installation.
COMPLETE indicates you have completed all of the required functions this step performs. CA ACF2 for z/VM assumes that you have completed everything properly and continues to the next step.
HELP displays information on using this exec and valid replies for all prompts. Wait for a repeat of the prompt, then enter your reply.

Step 1 is starting. Merge the VM directory into the Logonid database. Enter SKIP to bypass merging the CMS directory. Enter GO to continue or ? for more information.

If you respond to this question with GO, you see the following information:

go

ACFLIDGN EXEC preliminaries:

This exec lets you modify your logonid database using your VM directory and the distributed CA ACF2 for z/VM model logonids. CA distributes a sample database that includes model logonid records for various types of users, including general users, auditors, and account managers. If you are a new user, these sample files were previously copied to your service machine database disk.

This exec executes in two phases. The first phase processes the VM directory. It creates a logonid record from each user directory entry, preserving the original user ID and password. It obtains additional logonid record data from a model logonid you specify. NOLOG users are bypassed.

The second phase prompts you for any logonids that should be added or reconstructed using a different model. This provides a simple method to establish security officers, auditors, and leaders. All users will be required to change their passwords at the next logon.

Press ENTER to continue.

CA ACF2 for z/VM needs read/write access to the minidisk that contains your logonid database. If this disk is already accessed read/write, enter GO and CA ACF2 for z/VM continues. If this disk is not accessed read/write, enter a null line, and CA ACF2 for z/VM puts you into CMS mode. Enter the commands necessary to access this disk in read/write mode.

Enter GO to continue or a null line to go into CMS.

The prompts that CA ACF2 for z/VM displays depend on your responses to previous questions.

Step 1 is complete.

Supplied CA ACF2 for z/VM Logonid Records

The starter Logonid database contains predefined logonid records. Use these supplied logonids only as models. Change the passwords for all the supplied logonids immediately to maintain security. You should also cancel or suspend them as soon as you establish appropriate local logonid records, to prevent possible unauthorized use. The chart below lists the predefined logonids and their passwords.

| Logonid | Password | Privileges | Comments |
|---|---|---|---|
| ACCOUNT | ACCOUNT | ACCOUNT | Can create logonid records for other users. |
| ACFUSER | ACFUSER | SECURITY | Can store access rules, insert logonid records, and display all system parameters. |
| ACF2VM | ACF2VM | AUDIT | A sample used by the CA‑ACF2 service machine, can list all other logonid records and decompile access rules. |
| AUDIT | AUDIT | AUDIT | Can list all other logonid records and decompile all access rules. |
| AUTOLOG1 | AUTOLOG1 | USER | none |
| GENUSER | GENUSER | JOB | Model for general users. |
| MAINT | MAINT | SECURITY | Stores access rules and inserts additional logonid records. |
| OPERATOR | OPERATOR | USER | none |
| SECURITY | SECURITY | SECURITY | Writes access rules for all files. |
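
The following pre-flight review of a VM directory before the phase-one merge is an added example, not CA code and not part of ACFLIDGN. It lists which users would receive logonid records, which NOLOG users would be bypassed, which carried-over passwords equal the user ID, and whether the chosen model holds SECURITY, ACCOUNT, or AUDIT. Assumptions: a monolithic directory with `USER userid password ...` statements (not DirMaint cluster format), a constructed sample directory, hypothetical function names, and that a model's privileges are among the record data the merge copies.

```python
# Added example: pre-flight review of a VM directory before an ACFLIDGN merge.
# Privileges of the supplied model logonids, copied from the chart above.
MODEL_PRIVILEGES = {
    "ACCOUNT": "ACCOUNT", "ACFUSER": "SECURITY", "ACF2VM": "AUDIT",
    "AUDIT": "AUDIT", "AUTOLOG1": "USER", "GENUSER": "JOB",
    "MAINT": "SECURITY", "OPERATOR": "USER", "SECURITY": "SECURITY",
}
POWERFUL = {"SECURITY", "ACCOUNT", "AUDIT"}

# Constructed sample directory (assumed "USER userid password ..." layout).
SAMPLE_DIRECTORY = """\
* constructed sample, not a real system
USER MAINT MAINT 32M 64M ABCDEFG
 MDISK 191 3390 1 10 VOL001 MR
USER OPERATOR X7QPLM2 32M 32M ABCDEFG
USER TCPIP NOLOG 32M 32M G
USER ALICE K9ZRT4W 16M 16M G
USER BOB BOB 16M 16M G
"""

def parse_users(text):
    """Yield (userid, password) per USER statement; comments and other statements are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0].upper() == "USER":
            yield fields[1].upper(), fields[2].upper()

def preflight(directory_text, model):
    """Summarize what the phase-one merge would do and what needs attention."""
    model = model.upper()
    if model not in MODEL_PRIVILEGES:
        raise ValueError(f"{model} is not one of the supplied model logonids")
    report = {"model_is_privileged": MODEL_PRIVILEGES[model] in POWERFUL,
              "merged": [], "bypassed_nolog": [], "password_equals_userid": []}
    for userid, password in parse_users(directory_text):
        if password == "NOLOG":      # NOLOG users are bypassed by the merge
            report["bypassed_nolog"].append(userid)
            continue
        report["merged"].append(userid)
        if password == userid:       # preserved by the merge, so it stays guessable
            report["password_equals_userid"].append(userid)
    return report

if __name__ == "__main__":
    for model in ("GENUSER", "SECURITY"):
        print(model, preflight(SAMPLE_DIRECTORY, model))
```

A `model_is_privileged` result of `True` is the condition the warning in Step 1 describes: every merged logonid would be built from a privileged model.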