
List:       racf-l
Subject:    Re: connect group to cert
From:       Nigel Pentland <nigel () NIGELPENTLAND ! NET>
Date:       2008-03-28 22:49:46
Message-ID: 003801c89126$063d6210$152ca8c0 () NG003

Hi Adam,

As I understand it, the owner per se doesn't matter.  What matters is that
you have it 'owned' by SITE (i.e. irrsitec).

It looks to me like RACDCERT is looking for a user ID called KEYRING which
doesn't exist because it's actually a group.

I think what you need to get right are the permissions around your FACILITY
class profiles, e.g.

FACILITY IRR.DIGTCERT.LIST
FACILITY IRR.DIGTCERT.LISTRING

Where you want the STARTED task ID appearing on the appropriate access
lists.  If your certificate is 'owned' by SITE and your STARTED task has
access to the FACILITY class profiles I think that might do it?

Nigel...


----- Original Message -----
From: "Vanderhelm, Adam" <adam.vanderhelm@ITS.NC.GOV>
To: <RACF-L@LISTSERV.UGA.EDU>
Sent: Friday, March 28, 2008 5:27 PM
Subject: connect group to cert


Hi Guys,

I have two started tasks, one named TCPIP and the other FTPS. Both run under
the same RACFid named OMVSKERN. OMVSKERN is the owner of a SITE certificate
so that both TCPIP and FTPS can use encryption using the SITE cert.   I have
to add a new started task but that one cannot run under the authority of
OMVSKERN because OMVSKERN does not have enough authority.  I thought to
solve this issue by creating a group called KEYRING that would be connected
to the SITE cert, so that I can just add new started task IDs by connecting
them to the group, but I get the following error:


RACDCERT ID(KEYRING) CONNECT(SITE LABEL('sccc20072008c') RING(sccc) USAGE(PERSONAL) DEFAULT)

IRRD102I The user ID specified is not defined to RACF.


Can anyone come up with a solution to my problem?