[bit.listserv.ibmtcp-l] MVS and Top Secret

fleischmann@DECVAX.DEC.COM (Design is the negotiation of constraints) (02/12/90)

Does anyone have the Top Secret configuration to allow the MVS FTP server
access to the system.  Our TS people don't know what to enter and CA has
not responded to our calls.

/marc
====
Marc Fleischmann - Manager, Enterprise Automation
Lockheed Sanders, Inc.  Nashua, NH 03061-0868
(603) 885-5050  UUCP: ...decvax!savax!nhqvax!fleischmann

CHRIS@MIAMIU.BITNET (Chris Allison) (02/13/90)

On Mon, 12 Feb 90 09:01:17 EST Design is the negotiation of constraints said:
>Does anyone have the Top Secret configuration to allow the MVS FTP server
>access to the system.  Our TS people don't know what to enter and CA has
>not responded to our calls.
>

     Marc I know this is not a top secret answer but the same concepts must
be used.  I posted this after solving the problem for ACF2.  The specific
commands for the SAF interface are probably different, but the info should
still be useful.  Let me know if this helps.

 Chris Allison

======================================================================== 29
Date:         Tue, 28 Nov 89 15:33:38 EST
From:         Chris Allison <CHRIS@MIAMIU>
Subject:      MVS TCPIP and ACF2
To:           IBM TCP/IP for VM <IBMTCP-L@CUNYVM>

     Thanks to all the people who responded to my earlier question about
setting up the ACF2/SAF interface.  After making the changes I was left with
two additional problems.  The first is that the TCPIP products do not set
a terminal ID source when they make a SAF verify call to verify
LOGON ID/PASSWORD.  ACF2 refuses to allow the logon to continue.

======> IBM any comments. <==============

The second appears to be an ACF2 5.1 related problem with TCPIP's
autolog process.  ACF2 does not allow the SAF EXTRACT on an ID with the STC
attribute.  CA is sending me a couple of fixes.

  The SAF interface to ACF2 is implemented by adding SAFPROTect records of the
form:
 SET CONTROL(GSO)
 INSERT SAFPROT.FTP1 CLASSES(-) CNTLPTS(MVPTASK) SUBSYS(MVPTASK)
 INSERT SAFPROT.FTP2 CLASSES(-) CNTLPTS(MVPTASK) SUBSYS(SVC032)
 INSERT SAFPROT.FTP3 CLASSES(-) CNTLPTS(MVPTASK) SUBSYS(SVC019)
 INSERT SAFPROT.FTP4 CLASSES(-) CNTLPTS(CLOSE)   SUBSYS(OCEOV)

 (the last record FTP4 has not been observed being issued but was suggested)

 Additionally the various task ids must have MUSASS and STC on them to work.
: Chris Allison       IBM TCP/IP for VM   11/28/89 MVS TCPIP and ACF2